WO2017024957A1 - Method and device for data processing - Google Patents

Method and device for data processing

Info

Publication number
WO2017024957A1
WO2017024957A1 PCT/CN2016/092673 CN2016092673W WO2017024957A1 WO 2017024957 A1 WO2017024957 A1 WO 2017024957A1 CN 2016092673 W CN2016092673 W CN 2016092673W WO 2017024957 A1 WO2017024957 A1 WO 2017024957A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
desensitization
production
application
project
Application number
PCT/CN2016/092673
Other languages
French (fr)
Chinese (zh)
Inventor
张金银
肖禹
江敏
曾文秋
廖育才
Original Assignee
阿里巴巴集团控股有限公司
Application filed by 阿里巴巴集团控股有限公司

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6236: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107: File encryption

Definitions

  • The present application relates to the field of computers, and in particular to a technique for data processing.
  • The prior art cannot accurately control how, and in what environment, a user processes data: visible data can be copied in the authorization phase, the data sampling and desensitization process is not flexible enough, and the data provider does not trust the data user's environment. As a result, the contradiction between using the data and not allowing the data consumer to see or export the data has become increasingly prominent.
  • The purpose of the present application is to provide a method and device for data processing that keep data invisible while it is being used and ensure data security when confidential or non-confidential data is exchanged.
  • A method for data processing, which solves the problem that a business party needs data to remain invisible during data usage. The method includes:
  • the desensitization data is processed by the development project.
  • A method for data processing using a data providing device end and a data application device end, which solves the problem that data needs to remain invisible when different business parties exchange and use non-confidential data. The method includes:
  • the production data in the production project is desensitized to obtain corresponding desensitization data
  • the desensitization data is sent to the application development project via the development project according to result information of the development authorization process.
  • desensitization data from a development project in the data providing device is obtained by an application development project, wherein the desensitization data is obtained by desensitizing the production data of the production project in the data providing device;
  • the desensitization data is processed by the application development project.
  • A method for data processing using a data providing device end and a data application device end together with a platform device end, which solves the problem of keeping data invisible and guaranteeing data security when different business parties exchange and use confidential data.
  • This method includes:
  • the platform device is configured to process desensitization data, wherein the desensitization data is obtained by desensitizing the production data in the data providing device;
  • the desensitization data is processed by the configured platform device.
  • An apparatus for performing data processing, which solves the problem that a business party needs data to remain invisible during data use. The apparatus includes:
  • a data desensitizing device for desensitizing the production data in the production project to obtain corresponding desensitization data
  • a desensitization data transmitting device configured to send the desensitization data to a corresponding development project
  • a desensitization data processing device for processing the desensitization data by the development project.
  • An apparatus for data processing using a data providing device end and a data application device end, which solves the problem that data needs to remain invisible when different business parties exchange and use non-confidential data.
  • the device includes:
  • a data desensitizing device of the data providing device, configured to desensitize the production data in the production project to obtain corresponding desensitization data
  • a development authorization device of the data providing device, used to perform development authorization processing, through the development project, on the application development project in the corresponding data application device;
  • a desensitizing data transmitting device of the data providing device configured to send the desensitizing data to the application development project via the development project according to result information of the development authorization process
  • a desensitization data acquisition device on the data application device side, for acquiring desensitization data from a development project in the data providing device through an application development project, wherein the desensitization data is obtained by desensitizing the production data of a production project in the data providing device;
  • An apparatus for data processing using a data providing device end and a data application device end together with a platform device end, which solves the problem of keeping data invisible and guaranteeing data security when different business parties exchange and use confidential data.
  • the device includes:
  • a data desensitizing device of the data providing device, configured to desensitize the production data in the data providing device to obtain corresponding desensitization data
  • a desensitization data sending device of the data providing device, configured to send the desensitization data to a corresponding platform device for processing by a corresponding data application device;
  • a platform configuration device of the data application device configured to configure the platform device to process desensitization data, wherein the desensitization data is obtained by desensitizing the production data in the data providing device;
  • a device configuration device on the platform device end, configured to configure the platform device according to the corresponding data application device;
  • a desensitization data processing device on the platform device end, configured to process the desensitization data by using the configured platform device.
  • An embodiment of the present application desensitizes the production data in the data providing device at the data providing device end to obtain corresponding desensitization data; at the platform device end, it acquires the desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing the production data in the data providing device; configures the platform device according to the corresponding data application device; and processes the desensitization data through the configured platform device. This solves the problem of keeping data available but invisible, and secure, when different business parties exchange and use confidential data: when the data provider and the data user do not fully trust each other, the data is placed in a third-party security environment for circulation and use, which ensures the security of data circulation and use.
  • FIG. 1 shows a flow chart of a method for performing data processing in accordance with an aspect of the present application
  • FIG. 2 shows a flow chart of a method for performing data processing in accordance with a preferred embodiment of the present application
  • FIG. 3 is a flowchart of a method for performing data processing implemented by a data providing device end and a data application device end according to another aspect of the present application;
  • FIG. 4 is a flowchart of a method for performing data processing implemented by a data providing device end and a data application device end according to another preferred example of the present application;
  • FIG. 5 is a flowchart of a method for implementing data processing implemented by a data providing device end, a data application device end, and a platform device end according to another aspect of the present application;
  • FIG. 6 is a flowchart of a platform device-side method in a method for implementing data processing, which is implemented by a data providing device end, a data application device end, and a platform device end according to another preferred example of the present application;
  • FIG. 7 is a flowchart of a method for implementing data processing implemented by a data providing device end, a data application device end, and a platform device end according to another preferred example of the present application;
  • FIG. 8 shows a schematic diagram of an apparatus for performing data processing in accordance with another aspect of the present application.
  • FIG. 9 is a schematic diagram of an apparatus for performing data processing according to another preferred embodiment of the present application.
  • FIG. 10 is a schematic diagram of an apparatus for performing data processing implemented by a data providing device end and a data application device end according to another aspect of the present application;
  • FIG. 11 is a schematic diagram showing an apparatus for performing data processing, which is implemented by a data providing device end and a data application device end according to another preferred example of the present application;
  • FIG. 12 is a schematic diagram of an apparatus for implementing data processing implemented by a data providing device end, a data application device end, and a platform device end according to another aspect of the present application;
  • FIG. 13 is a schematic diagram of a platform device end in a device for implementing data processing, which is implemented by a data providing device end, a data application device end, and a platform device end according to another preferred embodiment of the present application;
  • FIG. 14 is a schematic diagram of an apparatus for implementing data processing implemented by a data providing device end, a data application device end, and a platform device end according to another preferred embodiment of the present application.
  • the terminal, the device of the service network, and the trusted party each include one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • the memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory.
  • Memory is an example of a computer readable medium.
  • Computer readable media includes both permanent and non-persistent, removable and non-removable media.
  • Information storage can be implemented by any method or technology.
  • the information can be computer readable instructions, data structures, modules of programs, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disk read only memory (CD-ROM), digital versatile disk (DVD) or other optical storage,
  • As defined here, computer readable media does not include transitory computer readable media, such as modulated data signals and carrier waves.
  • The present application covers three cases of data processing. The first is based on controlling permissions during data use, so that the data provided by a business party is invisible while it is processed. The second is based on authorization, so that data circulates securely and remains invisible when different business parties exchange non-confidential data. The third is based on entrusting a third-party platform, to ensure security when different business parties exchange and process confidential data.
  • In the first case, control based on permissions during data use makes the data provided by the business party invisible while it is processed. That is, when a business party needs data processing performed, it confidentially desensitizes the key features of the real data, provides the result to the data developer for processing, and finally handles the processing result. The process is as follows.
  • The method performed by the data processing device includes step S11, step S12, and step S13.
  • In step S11, the data processing device desensitizes the production data in the production project to obtain corresponding desensitization data; in step S12, the data processing device sends the desensitization data to the corresponding development project; in step S13, the data processing device processes the desensitization data through the development project.
  • In step S11, the data processing device desensitizes the production data in the production project to obtain corresponding desensitization data. This means that the business party hides the key sensitive features of the real data within the security environment it controls, obtaining data that retains the features the data user needs while hiding or eliminating the features that would make the data security-sensitive.
  • The production data is the real data that the business party needs to process.
  • The production project is the security environment controlled by the business party. It can be created by the business party, which holds the relevant control rights, such as permission to access data objects, user management and authorization rights, and resource creation. For example, business company A needs research institute B to develop software for the data of an application, and can create a production project in a data development platform that can be used by both parties.
  • The account that created the production project is its owner: it can access all the resources in the production project, authorize users or accounts, and configure the security settings of the production project.
  • The owner can assign a production account that has all permissions except the security settings, so that the production account can develop an application for company A.
  • The real data is then desensitized. Desensitizing real data in a secure environment controlled by the business party conceals the key security information of the data and improves data security.
  • In step S12, the data processing device sends the desensitization data to the corresponding development project. This means that the desensitization data is sent into a secure environment for data processing controlled by the data development platform, for example through a commonly trusted data development platform.
  • The development project is a security environment, trusted by the data provider, in which the data processing party processes the data.
  • In the above example, company A needs software development performed on the data of an application in the data development platform. It creates a production project and a corresponding development project, and assigns development-related permissions in the development project (such as creating tables, functions, and resources) to the development account of research institute B, so that the desensitization data can be sent directly from the production project to the development project via the data development platform.
  • The desensitization data may be sent through, but not limited to, a background system of the data development platform or a secure channel such as SFTP established between the computer devices.
  • In step S13, the data processing device processes the desensitization data through the development project. That is, the data processing party performs processing such as, but not limited to, software development or data mapping on the desensitization data in a secure development project environment.
  • The account or role in the development project that handles the desensitization data is assigned or created by the business party providing the data.
  • In the above example, company A, as the owner that created the production project and the development project, appoints personnel of research institute B or of the company as administrator of the development project.
  • The administrator has access to all objects in the development project and can manage and authorize users or roles, for example by assigning a development account to the data developer of research institute B. The development account has permission to create tables or functions, so the desensitization data provided by company A can be developed against. This facilitates secure management of the development account and makes the real data available to the development account but not visible.
  • FIG. 2 shows a flow chart of a method for performing data processing in accordance with a preferred embodiment of the present application. It includes step S11, step S12, step S13, step S14, and step S15.
  • In step S11, the data processing device desensitizes the production data in the production project to obtain corresponding desensitization data; in step S12, the data processing device sends the desensitization data to the corresponding development project; in step S13, the data processing device processes the desensitization data through the development project; in step S14, the data processing device returns the processing result of the desensitization data in the development project to the production project; in step S15, the data processing device publishes the processing result through the production project.
  • step S11 and step S13 are the same as or similar to steps S11 and S13 in FIG. 1 and will not be described again.
  • In step S14, the data processing device returns the processing result of the desensitization data in the development project to the production project, where the processing result is what is produced after the desensitization data has been processed in the development project.
  • Desensitization data processing results include, but are not limited to, software code developed based on desensitization data, plotted data charts, and the like.
  • The processing results may be returned through, but not limited to, a background system of the data development platform or a secure channel such as SFTP established between the computer devices for transmission and reception.
  • In the above example, after developing the software code of the application through the development account in the development project, based on the desensitization data, the developer of research institute B sends the code to the production project through the data development platform, so that company A can review or evaluate the processing result, further ensuring the security of the data and of the data processing results.
  • In step S15, the data processing device publishes the processing result through the production project. This means that the data provider receives the returned desensitization data processing result in the production project and then, among other things, verifies the code or program performance of the result against the real data, or outputs it externally.
  • Publishing the processing result means verifying the data processing result, or putting it into production, using real production data.
  • In the above example, company A publishes the returned program code, which was developed on desensitization data, in the production project on the data development platform, and the production account uses the real data to test the published software program.
  • The data processing results are published in the production space so that they are post-processed or verified within the data provider's secure environment, thereby improving the security of the data processing results.
  • The method further comprises a step S16 (not shown) of setting the rights information of the development project regarding the desensitization data. That is, after the production project desensitizes the real data, the same desensitization data may be used for more than one type of data processing, for example software development and data analysis. Different uses involve different ways of using the data, so different rights information can be set to grant different permissions to use and process the desensitization data during development. In the above example, company A sets the desensitization data to allow reading, creation, and so on during software development, and read-only access for data analysis.
  • Sending the desensitization data to the development project according to the rights information in step S12 means that the desensitization data is sent to the development project selectively, according to the different rights on the desensitization data that are opened to the development project.
  • For example, for a data analysis covering one month, company A sends only the desensitization data for that month, whereas the desensitization data required for software development covers a year or a quarter. This makes the transmission of desensitization data more targeted and the data better managed.
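The flow of steps S11 to S16 can be modelled in a few lines. The following is an added example, not code from the patent: the class names, the `RIGHTS` table, the masking rules (keyed pseudonym for the user id, partial phone mask), and the sample rows are all assumptions chosen for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import date

# Constructed sample production data (not taken from the patent).
PRODUCTION_ROWS = [
    {"user_id": "u1001", "phone": "13800001234", "amount": 120.5, "day": date(2016, 5, 3)},
    {"user_id": "u1002", "phone": "13900005678", "amount": 80.0, "day": date(2016, 7, 14)},
    {"user_id": "u1001", "phone": "13800001234", "amount": 42.0, "day": date(2016, 7, 20)},
]

# Hypothetical rights information (step S16): what each use may do and how
# much history it receives.
RIGHTS = {
    "software_development": {"actions": {"read", "create"}, "since": date(2016, 1, 1)},
    "data_analysis": {"actions": {"read"}, "since": date(2016, 7, 1)},
}


class AccessDenied(Exception):
    """Raised when a development account uses a permission it was not given."""


def desensitize(row, key):
    """S11: keep the features a developer needs, hide the identifying ones."""
    token = hmac.new(key, row["user_id"].encode(), hashlib.sha256).hexdigest()[:12]
    return {
        "user_token": token,  # keyed pseudonym: stable for joins, key stays in production
        "phone": row["phone"][:3] + "****" + row["phone"][-4:],
        "amount": row["amount"],
        "day": row["day"],
    }


@dataclass
class DevelopmentProject:
    purpose: str
    rights: dict
    tables: dict = field(default_factory=dict)

    def _require(self, action):
        if action not in self.rights["actions"]:
            raise AccessDenied(f"{self.purpose}: '{action}' is not granted")

    def read(self, table):
        self._require("read")
        return [dict(r) for r in self.tables[table]]

    def create_table(self, table, rows):
        self._require("create")
        self.tables[table] = list(rows)


@dataclass
class ProductionProject:
    rows: list
    key: bytes
    published: list = field(default_factory=list)

    def send_to(self, dev):
        """S12: desensitize, then send only the slice the rights allow."""
        masked = [desensitize(r, self.key) for r in self.rows
                  if r["day"] >= dev.rights["since"]]
        dev.tables["desensitized"] = masked  # written by the platform, not the dev account
        return len(masked)

    def publish(self, returned_code):
        """S14/S15: run the returned result on real data, inside production only."""
        result = returned_code(self.rows)
        self.published.append(result)
        return result


def total_amount(rows):
    """The processing result of S13: code that touches only non-sensitive columns."""
    return sum(r["amount"] for r in rows)


def run_example():
    prod = ProductionProject(PRODUCTION_ROWS, key=b"constructed-demo-key")
    dev = DevelopmentProject("software_development", RIGHTS["software_development"])
    analysis = DevelopmentProject("data_analysis", RIGHTS["data_analysis"])
    sent = (prod.send_to(dev), prod.send_to(analysis))
    dev_rows = dev.read("desensitized")
    dev.create_table("scratch", dev_rows[:1])   # allowed for software development
    try:
        analysis.create_table("scratch", [])     # read-only use: refused
        analysis_can_create = True
    except AccessDenied:
        analysis_can_create = False
    return {
        "sent": sent,
        "dev_rows": dev_rows,
        "analysis_can_create": analysis_can_create,
        "dev_total": total_amount(dev_rows),
        "production_total": prod.publish(total_amount),
    }


if __name__ == "__main__":
    print(run_example())
```

The development project never holds a reference to the production rows or the pseudonymization key, which is what makes the real data usable by the returned code but not visible to the development account.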
  • FIG. 3 is a flowchart of a method for performing data processing implemented by a data providing device end and a data application device end according to another aspect of the present application.
  • the data providing device end includes step S11, step S12, and step S13; and the data application device end includes step S21 and step S22.
  • In step S11, the data processing device desensitizes the production data in the production project to obtain corresponding desensitization data; in step S12, the data processing device performs development authorization processing, through the development project, on the application development project in the corresponding data application device; in step S13, the data processing device sends the desensitization data to the application development project via the development project according to the result information of the development authorization process; in step S21, the data processing device acquires desensitization data from a development project in the data providing device through the application development project, wherein the desensitization data is obtained by desensitizing the production data of the production project in the data providing device; in step S22, the data processing device processes the desensitization data through the application development project.
  • In step S11, the data processing device desensitizes the production data in the production project to obtain the corresponding desensitization data. This means that the data providing device end conceals the sensitive features of the real data within the security environment it controls, resulting in data that retains the features the data consumer needs and conceals or eliminates the features that would make the data security-sensitive.
  • the production project is a security environment controlled by the data provider business.
  • Company A cooperates with Company C to jointly develop an application software.
  • Company A provides key data for software development and is responsible for part of the software development.
  • The company is responsible for software development, so in the data development platform, Company A creates a project space for the application, which is the data providing device end.
  • the production project is the security environment for Company A to process real key data.
  • The owner that created Company A's project assigns the company's production account, which has all rights in the production project except the security settings. That is, before Company A provides the data, the data is desensitized in the production project, so that the key security information of the data is concealed and the security of the data is improved.
  • In step S12, the data processing device performs development authorization processing, through the development project, on the application development project in the corresponding data application device. Both the data providing device end and the data application device end have a production project and a corresponding development project. Because the production data is real data, from a security point of view it should not be sent directly to a different business party. Therefore, after the data is desensitized, the desensitization data is sent to the provider's own development project, and the application development project on the data application device end must obtain authorization from the business party represented by the data providing device end before it can use the desensitization data.
  • The authorization may, without limitation, be granted to the development project of the data application device, so that the data can be sent through the data development platform, through SFTP, or through another secure file transfer method; or it may be granted to the development account in the development project of the data application device, so that the development account can directly read the desensitization data in the development project on the data providing device end.
  • Company C initiates the development and control of Company A in the data development platform when it needs Company A's data for software development.
  • Company A authorizes the development account in the development project of Company C through ACL authorization between tables in the data development platform, so that the desensitization data can be safely transferred in the development environment.
  • In step S13, the data processing device sends the desensitization data to the application development project via the development project according to the result information of the development authorization process. This means that, after the development project of the data application device has been authorized, the data providing device end sends the desensitization data in the development project it controls to the development project of the data application device.
  • The sending method includes, but is not limited to, sending through the data development platform, having the development account in the development project of the data application device read the data directly according to the authorization, or using SFTP or another secure file transmission method.
  • In the above example, after being authorized by Company A, the development account of Company C reads the desensitization data, according to its permissions, from the development project on the data providing device end, so that the desensitization data is visible, the production data is invisible, and the security of the real data is guaranteed during the data exchange.
  • The desensitization data obtaining means 321 acquires desensitization data from the development project in the data providing device through the application development project, wherein the desensitization data is obtained by desensitizing the production data of the production project in the data providing device. That is, as described above, after the data application device obtains authorization, it obtains, according to the authorization, the desensitization data provided by the development project of the data providing device. In the above example, the development account in the development project in the project space created and managed by Company C reads the desensitization data according to its permissions after obtaining the authorization.
  • In step S22, the data processing device processes the desensitization data through the application development project. That is, the development project managed by the data application device processes the desensitization data after acquiring it from the data providing device end.
  • The application development project is a data development environment controlled by the data application device end, and the business party where the data application device end is located controls the development permissions, thereby effectively supervising the safe circulation of data. In the above example, in the project space of Company C in the data development platform, the authorized development account of Company C develops against the desensitization data read from Company A, so that when business parties exchange and process non-confidential data, the desensitization data is visible and the real data is invisible.
  • The data application device end further includes a step S25 (not shown) of desensitizing the application production data in the application production project to obtain corresponding application desensitization data. That is, in the production project controlled by the data application device, the production data of the data application device can be desensitized to obtain the desensitization data of the data application device end.
  • In the above example, Company A and Company C jointly carry out software development. While obtaining the desensitization data of Company A for development, Company C also uses its own real production data for software development; that data is desensitized in Company C's production project in the data development platform, thereby obtaining Company C's desensitization data.
  • In step S22, the data processing device processes the desensitization data and the application desensitization data through the application development project. That is, the development project of the data application device also obtains and processes the desensitization data provided by the corresponding production project on the data application device end. In the above example, Company C's development project in the data development platform develops against the desensitization data of Company C's real data provided by Company C's production project, so that in the joint development by Companies A and C, Company C can combine the desensitization data of both parties for processing while the security of the real data in circulation is ensured.
  • FIG. 4 shows a flow chart of a method for data processing implemented by the data providing device end and the data application device end according to another preferred example of the present application.
  • the data providing device end includes step S11, step S12, and step S13;
  • the data application device end includes step S21, step S22, step S23, and step S24.
  • In step S11, the data processing device desensitizes the production data in the production project to obtain corresponding desensitization data; in step S12, the data processing device performs development authorization processing on the application development project in the corresponding data application device through the development project; in step S13, the data processing device sends the desensitization data to the application development project via the development project according to the result information of the development authorization processing;
  • in step S21, the data processing device acquires desensitization data from the development project in the data providing device through the application development project, wherein the desensitization data is obtained by desensitizing the production data of the production project in the data providing device; in step S22, the data processing device processes the desensitization data through the application development project; in step S23, the data processing device provides the processing result of the desensitization data in the application development project to the application production project; in step S24, the data processing device issues the processing result through the application production project.
  • Steps S11, S12, S13, S21 and S22 are the same as or similar to steps S11, S12, S13, S21 and S22 in FIG. 3 and will not be described again.
  • the processed result of the desensitization data provided by the device end is returned to the production project controlled by the data application device.
  • desensitization data processing results include, but are not limited to, software code developed based on desensitization data, plotted data charts, and the like.
  • The methods of returning desensitization data processing results include, but are not limited to, transfer through a background system of the data development platform, or transmission and reception over a secure channel such as SFTP established between the computer devices.
  • Based on the desensitization data, the developer of Company C develops the software code of the application through the development account in the development project, and then sends the code to the production project of Company C through the data development platform, so that Company C can uniformly review or evaluate the developed data processing results, further ensuring the security of the data and of the data processing results.
  • the data processing device issues the processing result through the application production project; that is, the data application device end receives the desensitization data processing result in the production project and then uses real data to perform code or program performance verification, or external output, on the processing result, but is not limited thereto.
  • Issuing the processing result means verifying the data processing result or, once the production project at the data application device end has obtained authorization for the data of the data providing device end, putting it into production based on the real production data.
  • Company C publishes, in the production project on the data development platform, the returned program code developed based on the desensitization data of Company A, and the production account uses the real data authorized by Company A to test the released software program.
  • The data processing result is released in the production space, so that it is post-processed or verified within the secure environment of the data provider. Thus, when Company A and Company C cooperate on data processing, the development project authorizes the development project so that Company C's development account can read the company's desensitization data; the development process thereby has targeted protection of data permissions, improving the security of the data processing results.
  • the data providing device end further includes a step S14 (not shown) for performing production authorization processing on the application production project in the data application device through the production project, and a step S15 (not shown) for transmitting the production data to the application production project via the production project according to result information of the production authorization processing.
  • the data application device end further includes a step S26 (not shown) for acquiring production data of the production project in the data providing device through the application production project.
  • the data processing device performs production authorization processing on the application production project in the data application device through the production project; that is, the production project controlled by the data providing device end authorizes the production project at the data application device end, for example by authorizing an account to read data.
  • The authorization methods include, but are not limited to, the production project management account at the data providing device end enabling the management account of the production space at the data application device end to read the production data at the data providing device end by means of access control between tables, and the like.
  • the production account of the production project in the project space controlled by Company A authorizes the production account of the production project in the project space controlled by Company C, so that it can obtain the authority to read the real production data, thereby completing the authorization.
  • the sending, by the data processing device, the production data to the application production item via the production item according to the result information of the production authorization processing in step S15 refers to sending the production data to the data according to the authorization information of the data providing device end.
  • Continuing the above example, after Company A authorizes the production project managed by Company C in the data development platform, the authorized production data of Company A is sent to the production project of Company C, or the production account in the production project of Company C obtains permission to read the production data of Company A.
  • In step S26, the data processing device acquires the production data of the production project in the data providing device through the application production project, wherein step S23 executes the processing result in the application production project according to the production data.
  • the data application device obtains the production data of the data providing device according to the authorization
  • the processing result is verified by the production data of the data providing device.
  • the execution manner includes, but is not limited to, performing code or program performance verification or external output through real data.
  • In the production project it controls, Company C uses the production account to test the released software code that was developed based on the desensitization data of Company A, or tests the software with the production data provided by Company A to Company C.
  • The production data thus circulates only in the production project environments of Companies A and C, and the desensitization data circulates only in the development environments of Companies A and C.
  • This guarantees that during joint data development the real data is visible only to the business party, while the development side can see only the desensitization data, so as to enhance the security of data in the non-confidential exchange.
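The separation described for FIG. 4 (steps S11 to S15, S21 to S24 and S26) can be modelled as a small access-control simulation. This is an added Python example, not code from the application; the `Project` class, the HMAC pseudonym and amount banding used as the desensitization method, and the sample orders are assumptions constructed for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when a project reads or grants outside its authorization."""


def desensitize(record, secret):
    """Step S11 (assumed method): keep the schema, hide the sensitive features."""
    digest = hmac.new(secret, record["phone"].encode(), hashlib.sha256).hexdigest()
    return {
        "phone": digest[:12],                      # stable pseudonym, joins still work
        "city": record["city"],                    # feature the developer needs
        "amount": record["amount"] // 100 * 100,   # generalized to a band of 100
    }


@dataclass
class Project:
    owner: str                                  # business party, e.g. "A"
    kind: str                                   # "production" or "development"
    tables: dict = field(default_factory=dict)
    grants: set = field(default_factory=set)    # (owner, kind) pairs allowed to read

    def authorize(self, other):
        """Steps S12 / S14: a project only authorizes a project of the same kind."""
        if other.kind != self.kind:
            raise AccessDenied(f"{self.kind} cannot authorize {other.kind}")
        self.grants.add((other.owner, other.kind))

    def read(self, table, caller):
        """Steps S21 / S26: a foreign project needs a matching grant."""
        if caller is not self and (caller.owner, caller.kind) not in self.grants:
            raise AccessDenied(f"{caller.owner}/{caller.kind} may not read "
                               f"{self.owner}/{self.kind}")
        return self.tables[table]


def spend_by_city(rows):
    """Step S22: code the Company C developer writes while seeing masked rows only."""
    totals = {}
    for row in rows:
        totals[row["city"]] = totals.get(row["city"], 0) + row["amount"]
    return totals


def run_flow():
    a_prod, a_dev = Project("A", "production"), Project("A", "development")
    c_prod, c_dev = Project("C", "production"), Project("C", "development")
    a_prod.tables["orders"] = [   # constructed sample production data
        {"phone": "13800000001", "city": "Hangzhou", "amount": 1250},
        {"phone": "13800000002", "city": "Hangzhou", "amount": 340},
        {"phone": "13800000001", "city": "Beijing", "amount": 99},
    ]
    secret = b"constructed-demo-key"

    # S11: desensitize in A's production project, pass the result to A's development project
    a_dev.tables["orders"] = [desensitize(r, secret)
                              for r in a_prod.read("orders", a_prod)]
    a_dev.authorize(c_dev)                       # S12: development authorization
    masked = a_dev.read("orders", c_dev)         # S13 / S21: C's developers see masked rows
    dev_result = spend_by_city(masked)           # S22: development on masked data

    denied = []
    for label, action in [
        ("dev reads production", lambda: a_prod.read("orders", c_dev)),
        ("production grants development", lambda: a_prod.authorize(c_dev)),
        ("production read before S14", lambda: a_prod.read("orders", c_prod)),
    ]:
        try:
            action()
        except AccessDenied:
            denied.append(label)

    c_prod.tables["job"] = spend_by_city         # S23: result handed to C's production project
    a_prod.authorize(c_prod)                     # S14: production authorization
    real = a_prod.read("orders", c_prod)         # S15 / S26: real data, production side only
    prod_result = c_prod.tables["job"](real)     # S24: result executed on real data
    return {"masked": masked, "dev_result": dev_result,
            "prod_result": prod_result, "denied": denied}
```

Because the masked rows keep the field names of the real rows, the job written in the development project runs unchanged in the production project.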
  • FIG. 5 is a flowchart of a method for data processing implemented by a data providing device end, a data application device end, and a platform device end according to another aspect of the present application.
  • the data providing device includes steps S11 and S12; the data application device includes step S21; and the platform device includes steps S31, S32, and S33.
  • In step S11, the data processing device desensitizes the production data in the data providing device to obtain corresponding desensitization data; in step S12, the data processing device transmits the desensitization data to the corresponding platform device for processing by the corresponding data application device; in step S31, the data processing device acquires desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing the production data in the data providing device; in step S21, the data processing device configures the platform device to process the desensitization data, wherein the desensitization data is obtained by desensitizing the production data in the data providing device; in step S32, the data processing device configures the platform device according to the corresponding data application device; in step S33, the data processing device processes the desensitization data through the configured platform device.
  • In step S11, the data processing device desensitizes the production data in the data providing device to obtain the corresponding desensitization data, which means that the business party providing the data hides the key sensitive features of the real data at the data providing device end, to obtain data that retains the necessary data characteristics available to data consumers while concealing or eliminating sensitive data characteristics that could cause security problems.
  • production data refers to real data containing key sensitive features.
  • Data desensitization methods include, but are not limited to, desensitization directly on the data development platform or through manual screening. For example, Company A and Company D have certain types of data.
  • In step S12, the data processing device sends the desensitization data to the corresponding platform device for processing by the corresponding data application device; that is, the data providing device end sends the desensitization data to
  • a third-party data processing platform device end trusted by the business parties that the device ends represent, which enables the data application device to perform data processing in the third-party platform.
  • the corresponding platform device refers to a third-party data processing platform that is trusted by both parties that need to perform data flow, such as a jointly created controllable correlation number.
  • Company A and Company D jointly entrust a third party as the controlling and arbitrating party in the exchange process, and the third party supervises
  • a securely set up project space; Company A sends the desensitization data to the project space controlled by the third party so that Company D can process it in the third-party space.
  • The desensitization data may be transmitted directly in the background through the data development platform, or transmitted as an encrypted file through a related secure transmission protocol, but is not limited thereto.
  • the data processing device acquires desensitization data from the data providing device in step S31, wherein the desensitization data is obtained by desensitizing the production data in the data providing device.
  • the platform device end serves as a secure environment controlled by a third party trusted by the data providing device end and the data application device end, and accepts or acquires the desensitization data of the data providing device end under a certain authority, thereby facilitating the data application device end.
  • The project space created by the third party in the data platform is authorized by a project space, such as the project space of A, which directly authorizes the third-party project space to read the desensitization data, so that it reads or accepts Company A's desensitization data.
  • In step S21, the data processing device configures the platform device to process the desensitization data, wherein the desensitization data is obtained by desensitizing the production data in the data providing device. That is, the data application device end performs direct authorization of a development account, or packaged authorization of a project space, on the platform device end, so that the data application device can process the desensitization data in the secure environment controlled by the platform device end. For example, Company D authorizes the project space controlled by the third party in the data development platform, so that developers of Company D can process the data in the third-party project space.
  • the method for configuring the platform device may be to directly authorize the project space controlled by the platform or authorize the development-related account in the platform, so that the data application device can perform data processing through the account, but is not limited thereto.
  • the data processing device configures the platform device according to the corresponding data application device; that is, the platform device end performs the setting according to the data application device end, so that the data application device can process the desensitization data in a secure environment controlled by the platform device.
  • the manner in which the platform device is configured according to the corresponding data application device includes, but is not limited to, authorizing the development account of the data application device end to perform data processing in the project space controlled by the platform device, or the data application device directly performing authorization processing on the platform device end.
  • the platform device is configured to enable the data application device to process the desensitized data in the security management environment during the confidential data exchange, thereby improving the security of the confidential data.
  • In step S33, the data processing device processes the desensitization data through the configured platform device; that is, the data application device processes the desensitization data, according to its permissions, in the third-party secure environment controlled by the platform device.
  • Continuing the above example, after Companies A and D authorize the third-party project space in the data development platform, the developers of Company D are added to the third-party project space for data processing, so that the data application device can use the confidential data of the data providing device end while the confidential data cannot be copied in the secure third-party environment, thereby improving the security of the use and processing of confidential data.
  • FIG. 6 is a schematic diagram of the platform device end part of a method for data processing implemented by a data providing device end, a data application device end, and a platform device end according to another preferred embodiment of the present application.
  • the platform device end includes step S34, step S31, step S32, and step S33.
  • In step S34, the data processing device creates a project in the platform device; in step S31, the data processing device acquires desensitization data from the data providing device through the project, wherein the desensitization data is obtained by desensitizing
  • the production data in the data providing device; in step S32, the data processing device configures the project according to the corresponding data application device; and in step S33, the data processing device processes the desensitization data through the configured project.
  • In step S34, the data processing device creates a project in the platform device, which means that a secure data circulation and processing space is created in the platform device trusted by the data providing device and the data application device, so that the confidential data
  • receives security protection.
  • Company A and Company D jointly commission the data development platform, or a third party trusted by both parties, to create a secure project space in the data development platform, so that Companies A and D can process and share data in the project space.
  • the data processing device acquires desensitization data from the data providing device through the item in step S31, wherein the desensitization data is obtained by desensitizing the production data in the data providing device.
  • The project space created by the platform device end obtains the desensitization data at the data providing device end through direct authorization by the project space of the data providing device end.
  • Company A authorizes the third-party project space in the data development platform so that the desensitization data can be accessed only in the third-party project space, thereby limiting the circulation and processing range of the confidential data and improving the security of the data.
  • In step S32, the data processing device configures the project according to the corresponding data application device; that is, the platform device end sets up the project space according to the authorization of the data application device end.
  • Continuing the above example, the third-party project space obtains the authorization of Company D's project space and adds the developers of Company D to the third-party project space, so that developers of Company D can process the desensitization data of Company A in the third-party project space.
  • In step S33, the data processing device processes the desensitization data through the configured project; that is, after the developer or account of the data application device is configured,
  • the desensitization data provided by the data providing device end is processed in the project space controlled by the platform device end.
  • the desensitization data of the confidential data provided by Company A is processed in the third-party project space, thereby limiting the flow of confidential data to the project space and further enhancing the security of confidential data.
  • FIG. 7 is a flowchart of a method for data processing implemented by a data providing device end, a data application device end, and a platform device end according to another preferred embodiment of the present application.
  • the data providing device end includes step S11, step S13, and step S12; the data application device end includes step S21; and the platform device end includes step S34, step S35, step S31, step S32, step S33, and step S36 and step S37.
  • In step S34, the data processing device creates a project in the platform device; in step S11, the data processing device desensitizes the production data in the data providing device to obtain corresponding desensitization data; in step S13, the data processing device performs authorization processing on the project in the platform device; in step S35, the data processing device acquires authorization information of the data providing device and the data application device for the project; in step S12, the data processing device sends the desensitization data to the corresponding platform device for processing by the corresponding data application device; in step S31, the data processing device acquires desensitization data from the data providing device through the project according to the authorization information, wherein the desensitization data is obtained by desensitizing the production data in the data providing device; in step S21, the data processing device configures the platform device to process desensitization data, wherein the desensitization data is obtained by desensitizing the production data in the data providing device; in step S32, the data processing device is configured according to
  • step S11, step S12, and step S21 are the same as or similar to step S11, step S12, and step S21 in FIG. 5 and will not be described again.
  • Step S34 is the same as or similar to step S34 in FIG. 6, and will not be described again.
  • Authorizing the item in the platform device by the platform authorization device 713 in the data providing device refers to authorizing the project space controlled by the trusted platform device at the data providing device end.
  • The authorization method may be to package and authorize the platform device project directly through the project in the data providing device, so that the confidential data provided by the data providing device can be obtained by the platform device project. Continuing the above example, in the data development platform,
  • the company's project space packages and authorizes the third-party project space, so that the account of the third-party project space can read the desensitization data, or the third-party project space has the right to accept desensitization data.
  • In step S35, the data processing device acquires the authorization information of the data providing device and the data application device for the project; that is, the platform device end receives the authorization of the data providing device end and the data application device end.
  • the circulation and processing of confidential data take place in a secure environment of mutual trust.
  • The project spaces of Company A and Company D package and authorize the third-party project space, so that the desensitization data of Company A
  • can circulate in the third-party project space and developers of Company D can develop on the desensitization data of Company A in the third-party space.
  • Through project authorization on the platform device end, data is transferred and processed in a secure and controllable environment, improving data security.
  • In step S31, the data processing device acquires desensitization data from the data providing device through the project according to the authorization information, wherein the desensitization data is obtained by desensitizing the production data in the data providing device. That is, the project on the platform device end obtains the desensitization data according to the authorization of the data providing device end, wherein the manner of obtaining includes, but is not limited to, reading the desensitization data within the authority granted by the project's authorization. In the data development platform, Company A grants the third-party project the right to read and copy the desensitization data of the confidential data, so that the third-party project acquires the desensitization data of Company A.
  • the items in the data providing device, the data application device, and the platform device include a production project and a development project.
  • the production project refers to a project space in the project that processes real data, and is controlled by each business party;
  • the development project refers to the project space where the developer handles the desensitization data in the project, and is used by the development account assigned by the business party.
  • the data processing device is further configured to acquire authorization information of the data providing device and the data application device for the production item. That is, the production project on the data development device side and the data application device side package and authorize the production items in the platform device side of the common trust, so that the real data to be processed within the allowable range of the two can be shared in a safe production project environment.
  • Company A and Company D authorize the production projects in the third-party projects in the data development platform, and obtain the real data required by the two parties to jointly develop the software after obtaining the authorization.
  • the data processing device is further configured to acquire desensitization data from the data providing device through the development project according to the authorization information, wherein the desensitization data is obtained by desensitizing the production data in the data providing device.
  • the desensitization data in the platform device is desensitized by the data providing device
  • The third-party development project obtains desensitization data from Company A, so that developers added to the third-party development project can use the development project to process and use the desensitization data of Company A. This ensures that the desensitization data can be used by developers of Company D in the third-party secure environment, but because it is in an environment
  • controlled by the third party, the desensitization data cannot be copied or used for other purposes, thus ensuring the security of confidential data.
  • the data processing device is further configured to configure the development item according to the corresponding data application device. That is, the data application device can process the desensitization data provided by the data providing device in the platform device by adding the development account in the data application device to the development project or the like through the platform device end.
  • the development project space shared by A and D companies in the data development platform adds the developer account of Company D to the project space of the third party according to the application of Company D, and then processes the desensitization data of Company A.
  • the data processing device is further configured to process the desensitization data through the configured development item in step S33.
  • the desensitization data provided by the data providing device is processed in the development project at the platform device end. Continuing the above example, the developer account of Company D in the data development platform
  • is added to the third-party development project space to develop on the desensitization data of Company A, so that, in the third-party controlled environment, the desensitization data cannot be copied or retained for other use, and the security of the confidential data is guaranteed.
  • step S36 the data processing device provides the processing result of the desensitization data in the application development project to the application production project.
  • desensitization data processing results include, but are not limited to, software code developed based on desensitization data, plotted data charts, and the like.
  • The methods of returning desensitization data processing results include, but are not limited to, transfer through a background system of the data development platform, or transmission and reception over a secure channel such as SFTP established between the computer devices.
  • Based on the desensitization data, the developer of Company D develops the software code of the application through the development account in the third-party development project, and then sends the code back to the production project through the data development platform, so that Company A
  • can review or evaluate the data processing results in the third-party production project space, further ensuring the security of the data and of the data processing results.
  • step S37 the data processing device issues the processing result of the desensitization data in the development project through the production item.
  • Issuing the processing result means verifying the data processing result or putting it into production with real production data.
  • Company A publishes, in the production project on the data development platform, the returned program code developed based on the desensitization data, and the production account uses the real data in the third-party project space to test the released software program.
  • the data processing results are published in the third-party production space, so that the processing results are post-processed or verified within the data provider's secure environment, thereby improving the security of the data processing results.
  • the data application device end further includes a step S22 (not shown) for performing authorization processing on the project in the platform device. That is, when the data application device uses the data of the data providing device end and needs to process it together with its own data, it can authorize the platform to obtain the confidential data of the data application device end or the desensitization data thereof.
  • In the data development platform, Company D needs to combine the confidential data of Company D with the desensitization data of Company A to develop or research software in the third-party development environment. Therefore, the project space controlled by Company D
  • authorizes the third-party platform project and provides it with the desensitization data of Company D's confidential data, so that the data of both companies is properly protected when the shared data is processed.
  • the platform device end further includes a step S38 (not shown) for acquiring application desensitization data from the data application device through the development project according to the authorization information, wherein the application desensitization data is obtained by desensitizing the application production data in the data application device.
  • the data processing device is further configured to process the desensitization data and the application side desensitization data by the configured development item.
  • the platform device end obtains the desensitization data according to the authorization of the data application device, wherein the manner of obtaining includes, but is not limited to, the development project account of the platform device obtaining access permission to the development project at the data application device end, or the data application device sending the desensitization data to the device end
  • The development project of Company D authorizes the development project of the third party, so that the desensitization data of Company D's confidential data can be processed by developers in the third-party development project either separately or
  • together with the company's desensitization data. The confidential data of both parties is thus shared within the third party, and the third-party security management environment requires that any data output be permitted by both parties, thereby protecting data security.
  • Control based on the permissions of the data in use makes the data provided by the business party invisible during processing. That is, when a business party needs data processing performed, the process in which the business party desensitizes the key features of the real data for confidentiality,
  • provides it to the data developer for processing, and finally handles the processing result is as follows.
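The third-party project space of FIGS. 5 to 7, including the requirement that data output be permitted by both parties, is shown here as an added Python example that is not part of the application. The `PlatformProject` class, the account names and the already-desensitized sample rows are hypothetical, and the class models the permission checks only, not a sandbox for the submitted job.

```python
class Denied(Exception):
    """Raised when the platform project refuses an operation."""


class PlatformProject:
    """Project space created on the trusted third-party platform (step S34)."""

    def __init__(self, parties):
        self.parties = frozenset(parties)
        self.authorized = set()   # parties that have authorized this project (S35)
        self.members = {}         # developer account -> party (S32)
        self.datasets = {}        # table name -> desensitized rows (S31 / S38)
        self.results = {}         # result id -> [output, approving parties]

    def authorize(self, party):
        if party not in self.parties:
            raise Denied(f"{party} is not a party to this project")
        self.authorized.add(party)

    def load(self, party, name, rows):
        """S31 / S38: data enters only under the owning party's authorization."""
        if party not in self.authorized:
            raise Denied(f"{party} has not authorized this project")
        self.datasets[name] = [dict(row) for row in rows]

    def add_developer(self, account, party):
        """S32: configure the project according to the data application side."""
        if party not in self.authorized:
            raise Denied(f"{party} has not authorized this project")
        self.members[account] = party

    def process(self, account, names, job):
        """S33: run the job inside the project; the caller gets a handle, not data."""
        if account not in self.members:
            raise Denied(f"{account} is not a developer in this project")
        output = job(*(self.datasets[name] for name in names))
        result_id = f"result-{len(self.results) + 1}"
        self.results[result_id] = [output, set()]
        return result_id

    def approve_export(self, party, result_id):
        if party not in self.parties:
            raise Denied(f"{party} is not a party to this project")
        self.results[result_id][1].add(party)

    def export(self, result_id):
        """Output leaves the project only when every party has permitted it."""
        output, approvals = self.results[result_id]
        missing = self.parties - approvals
        if missing:
            raise Denied(f"export of {result_id} still needs approval "
                         f"from {sorted(missing)}")
        return output


def clicks_by_city(orders, clicks):
    """Job written by Company D's developer: joins both parties' masked tables."""
    city_of = {row["user"]: row["city"] for row in orders}
    totals = {}
    for row in clicks:
        if row["user"] in city_of:
            city = city_of[row["user"]]
            totals[city] = totals.get(city, 0) + row["clicks"]
    return totals


def attempt(action, *args):
    try:
        return "ok", action(*args)
    except Denied as exc:
        return "denied", str(exc)


def run_demo():
    space = PlatformProject({"A", "D"})
    tables = ["a_orders", "d_clicks"]
    log = [attempt(space.add_developer, "d_dev", "D")[0]]   # D has not authorized yet
    space.authorize("A")
    space.load("A", "a_orders", [   # constructed, already-desensitized rows
        {"user": "u1", "city": "Hangzhou", "amount": 1200},
        {"user": "u2", "city": "Hangzhou", "amount": 300},
    ])
    space.authorize("D")
    space.load("D", "d_clicks", [{"user": "u1", "clicks": 7},
                                 {"user": "u3", "clicks": 2}])
    space.add_developer("d_dev", "D")
    log.append(attempt(space.process, "outsider", tables, clicks_by_city)[0])
    result_id = space.process("d_dev", tables, clicks_by_city)
    log.append(attempt(space.export, result_id)[0])         # nobody has approved
    space.approve_export("D", result_id)
    log.append(attempt(space.export, result_id)[0])         # only one party approved
    space.approve_export("A", result_id)
    status, output = attempt(space.export, result_id)
    log.append(status)
    return log, output
```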
  • FIG. 8 shows a schematic diagram of an apparatus for performing data processing in accordance with another aspect of the present application.
  • the data processing device includes a data desensitizing device 111, a desensitizing data transmitting device 112, and a desensitizing data processing device 113.
  • the data desensitizing device 111 in the data processing device desensitizes the production data in the production project to obtain corresponding desensitization data; the desensitization data transmitting device 112 sends the desensitization data to the corresponding development project; the desensitization data processing device 113 processes the desensitization data through the development project.
  • the data desensitizing device 111 in the data processing device desensitizes the production data in the production project to obtain the corresponding desensitization data, which means that the business party hides the key sensitive features of the real data in the security environment it controls, obtaining data that retains the necessary data features available to data users and hides or eliminates the sensitive data features that could cause security problems.
  • the production data is the real data that the business party needs to process.
  • the production project is the security environment controlled by the business party. It can be created by the business party and has relevant control rights such as accessing data object permissions, user management and authorization rights, and resource creation.
  • business company A needs research institute B to develop software for data of an application, and can create a production project in a data development platform that can be used by both parties.
  • the created account is accessible to the owner of the production project.
  • the owner can assign a production account to have all the permissions except the security settings, so that the production account can develop an application for company A.
  • the real data is desensitized. Desensitizing real data in a secure environment controlled by the business side conceals the key security information of the data and improves data security.
  • the desensitization data transmitting device 112 sends the desensitization data to the corresponding development project, which means sending the desensitized data to a security environment controlled by the data processing and controlling the data in a secure manner, for example, through a data platform of mutual trust.
  • the development project is a security environment that is trusted by the data provider for data processing by the data processing party.
  • the company A needs to perform software development processing on the data of an application in the data development platform. Create a production project and create a corresponding development project and assign development-related permissions such as creating tables, functions, resources, etc. in the development project to the development account of the B Institute, so that the desensitization data can be directly from the production project via the data development platform.
  • ways of sending the desensitization data include, but are not limited to, the background system of the data development platform or a secure channel such as SFTP established between the computer devices.
  • the desensitization data processing device 113 processes the desensitization data through the development project, which means that the data processor performs processing such as software development or data mapping on the desensitization data in a secure development project environment, but is not limited thereto.
  • the account or role of the development project to deal with the desensitization data is assigned or created by the business party providing the data.
  • Company A, as creator of the production project and owner of the development project, assigns personnel of research institute B or of the company as the development project administrator. The administrator has access to all objects in the development project and can manage and authorize users or roles, such as assigning a development account to the data developers of research institute B. The development account has permission to create tables or functions, so the desensitization data provided by Company A can be developed. This facilitates secure management of the development account and makes the real data available to the development account but not visible.
  • FIG. 9 shows a schematic diagram of an apparatus for performing data processing in accordance with another preferred embodiment of the present application.
  • the data processing device includes a data desensitizing device 211, a desensitizing data transmitting device 212, a desensitizing data processing device 213, a data processing result providing device 214, and a data processing result issuing device 215.
  • the data desensitizing device 211 in the data processing device desensitizes the production data in the production project to obtain corresponding desensitization data; the desensitization data transmitting device 212 sends the desensitization data to the corresponding development project; the desensitization data processing device 213 processes the desensitization data through the development project; the data processing result providing device 214 returns the processing result of the desensitization data in the development project to the production project; the data processing result issuing device 215 issues the processing result through the production project.
  • the data desensitizing device 211 and the desensitizing data processing device 213 are the same as or similar to the data desensitizing device 111 and the desensitizing data processing device 113 in FIG. 8 and will not be described again.
  • the data processing result providing means 214 in the data processing device returns the processing result of the desensitization data in the development item to the production item, which means that the processing result after the desensitization data is processed in the development item is returned.
  • desensitization data processing results include, but are not limited to, software code developed based on desensitization data, plotted data charts, and the like.
  • ways of returning the desensitization data processing results include, but are not limited to, the background system of the data development platform or a secure channel such as SFTP established between the computer devices for transmission and reception.
  • the developer of the B research institute, after developing the software code of the application through the development account in the development project based on the desensitization data, sends the code to the production project through the data development platform, so that Company A can review or evaluate the data processing result, further ensuring the security of the data and of the data processing results.
  • the data processing result issuing device 215 issues the processing result through the production project, which means that the data provider receives the returned desensitization data processing result in the production project and then uses the real data to perform code or program performance verification, or external output, on the data processing result, but is not limited thereto.
  • releasing the processing result means verifying the data processing result, or putting it into production, with real production data.
  • Company A publishes the returned program code, developed from desensitization data, on the data development platform in the production project, and the production account uses the real data to test the released software program.
  • the data processing results are released in the production space so that the processing results are post-processed or verified within the data provider's secure environment, thereby improving the security of the data processing results.
  • the data processing results are released in the production space so that the processing results are post-processed or verified within the data provider's secure environment, thereby improving the security of the data processing results.
  • the data processing device further includes desensitization data authority setting means 216 (not shown) for setting authority information of the development project regarding the desensitization data. That is, after the production project desensitizes the real data, the same desensitization data may be used for more than one type of data processing, for example software development and data analysis. The data is used differently in each case, so by setting different permission information the desensitization data can be used differently during development.
  • the permissions that Company A sets on the desensitization data are read, create, etc. during software development, and read-only for data analysis.
  • the desensitizing data transmitting device 212 sending the desensitization data to the development project according to the authority information means selectively sending desensitization data to a development project according to the different rights over the desensitization data that are opened to that project. For example, for data analysis that needs one month of desensitization data, Company A sends only the desensitization data for the current month, while the desensitization data required for software development covers one year or one quarter. This makes the transmission of desensitization data more targeted and manages the data better.
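The flow described above for FIG. 9 (desensitize in the production project, set per-purpose authority, send only the permitted slice, return the result and release it against real data) can be sketched as follows. This is an added example, not code from the patent; the class names, the HMAC-based pseudonym, the phone masking and the sample rows are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date

# Constructed production rows for this example (not data from the patent).
PRODUCTION_ROWS = [
    {"user_id": "u1001", "phone": "13800001111", "amount": 120.5, "day": date(2016, 3, 14)},
    {"user_id": "u1002", "phone": "13900002222", "amount": 80.0, "day": date(2016, 5, 3)},
    {"user_id": "u1001", "phone": "13800001111", "amount": 40.0, "day": date(2016, 5, 20)},
    {"user_id": "u1003", "phone": "13700003333", "amount": 15.25, "day": date(2016, 11, 30)},
]
PSEUDONYM_KEY = b"example-key"  # hypothetical key; never leaves the production project


def desensitize(row):
    """Hide identifying features, keep the features a developer needs."""
    token = hmac.new(PSEUDONYM_KEY, row["user_id"].encode(), hashlib.sha256).hexdigest()[:12]
    return {"user_token": token,                   # stable pseudonym, grouping still works
            "phone": row["phone"][:3] + "*" * 8,   # prefix only
            "amount": row["amount"], "day": row["day"]}


@dataclass(frozen=True)
class Permission:
    actions: frozenset   # subset of {"read", "create"}
    first_day: date      # permitted data window, inclusive
    last_day: date


class DevelopmentProject:
    def __init__(self, name):
        self.name, self.tables, self.permission = name, {}, None

    def receive(self, rows, permission):
        self.tables["desensitized"] = rows
        self.permission = permission

    def _require(self, action):
        if self.permission is None or action not in self.permission.actions:
            raise PermissionError(f"{self.name}: '{action}' not granted")

    def read(self):
        self._require("read")
        return list(self.tables["desensitized"])

    def create_table(self, table, rows):
        self._require("create")
        self.tables[table] = list(rows)


class ProductionProject:
    def __init__(self, rows):
        self._rows, self._permissions = rows, {}

    def set_permission(self, project, actions, first_day, last_day):
        self._permissions[project.name] = Permission(frozenset(actions), first_day, last_day)

    def send_desensitized(self, project):
        """Send only the desensitized rows inside the project's permitted window."""
        perm = self._permissions.get(project.name)
        if perm is None:
            raise PermissionError(f"no permission set for {project.name}")
        rows = [desensitize(r) for r in self._rows
                if perm.first_day <= r["day"] <= perm.last_day]
        project.receive(rows, perm)

    def release(self, result_code):
        """Verify code returned from a development project against the real data."""
        return result_code(self._rows)


def monthly_totals(rows):
    """Developed on desensitized rows; relies only on the retained features."""
    totals = {}
    for r in rows:
        key = (r["day"].year, r["day"].month)
        totals[key] = totals.get(key, 0.0) + r["amount"]
    return totals


def run_demo():
    production = ProductionProject(PRODUCTION_ROWS)
    analysis, software = DevelopmentProject("analysis"), DevelopmentProject("software")
    production.set_permission(analysis, {"read"}, date(2016, 5, 1), date(2016, 5, 31))
    production.set_permission(software, {"read", "create"}, date(2016, 1, 1), date(2016, 12, 31))
    for project in (analysis, software):
        production.send_desensitized(project)
    software.create_table("scratch", software.read())       # read + create: allowed
    try:
        analysis.create_table("scratch", analysis.read())   # read-only: refused
        analysis_created = True
    except PermissionError:
        analysis_created = False
    return {"analysis_rows": analysis.read(), "software_rows": software.read(),
            "analysis_created": analysis_created, "dev_totals": monthly_totals(software.read()),
            "released_totals": production.release(monthly_totals)}
```

The analysis project receives only the May rows and cannot create tables, while the code developed on the year of desensitized rows gives the same totals when the production project releases it against the real rows.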
  • FIG. 10 is a schematic diagram of an apparatus for performing data processing implemented by a data providing device end and a data application device end according to another aspect of the present application.
  • the data providing device includes a data desensitizing device 311, a development authorization device 312, and a desensitization data transmitting device 313.
  • the data application device includes a desensitizing data acquiring device 321 and a desensitizing data processing device 322.
  • the data desensitizing device 311 desensitizes the production data in the production project to obtain corresponding desensitization data;
  • the development authorization device 312 develops and authorizes the application development project in the corresponding data application device through the development project;
  • the desensitization data transmitting device 313 sends the desensitization data to the application development project via the development project according to the result information of the development authorization process;
  • the desensitization data obtaining device 321 acquires, through the application development project, the desensitization data of the development project in the data providing device, wherein the desensitization data is obtained by desensitizing the production data of the production project in the data providing device;
  • the desensitization data processing device 322 processes the desensitization data by the application development project.
  • the data desensitizing device 311 desensitizes the production data in the production project to obtain the corresponding desensitization data, which means that the data providing device end hides the sensitive features of the real data in the security environment it controls.
  • the production project is a security environment controlled by the data provider business.
  • Company A cooperates with Company C to jointly develop an application software.
  • Company A provides key data for software development and is responsible for part of software development.
  • the company is responsible for software development. Therefore, in the data development platform, Company A creates a project space for the application, which is the data supply device.
  • the production project is the security environment in which Company A processes its real critical data. Company A, as creator and owner of the project space, assigns the company's production account, which has all rights in the production project except the security settings. That is, the data is desensitized in the production project before Company A provides it, so that the key security information of the data is concealed and data security is improved.
  • the development authorization device 312 performs development authorization processing on the application development project in the corresponding data application device through the development project. This means that the data providing device end and the data application device end each have both a production project and a corresponding development project. Because the production data is real data, from a security point of view it should not be sent directly to different business parties. Therefore, after the data is desensitized, the desensitization data is sent to the party's own development project, and the development project of the data application device end needs to obtain authorization from the business party represented by the data providing device end before using the desensitization data.
  • the authorization method includes, but is not limited to, authorizing the development project of the data application device end, so that the data can be sent through the data development platform or through SFTP or another secure file transfer method, or authorizing the development account in the development project of the data application device end, so that the development account can directly read the desensitization data in the development project of the data providing device end.
  • C company initiates the development and control of company A in the data development platform when it needs A company data for software development.
  • Company A authorizes the development account in the development project of Company C through the ACL authorization between the tables in the data development platform, so that the desensitization data can be safely transferred in the development environment.
  • the desensitization data transmitting device 313 sends the desensitization data to the application development project via the development project according to the result information of the development authorization process, which means that, after the development project of the data application device end is authorized, the data providing device end sends the desensitization data in the development project it controls to the development project on the data application device end.
  • the method of sending includes, but is not limited to, sending through the data development platform, direct reading by the development account in the development project of the data application device end according to the authorization, or SFTP or another secure file transmission method.
  • the development account of Company C reads, according to its permissions, the desensitization data in the development project of Company A at the data providing device end, so that the desensitization data is visible and the production data is invisible, which guarantees the security of the real data during the data exchange process.
  • the desensitization data obtaining means 321 acquires desensitization data from the development project in the data providing device through the application development project, wherein the desensitization data is obtained by desensitizing the production data of the production project in the data providing device. That is, as described above, after the data application device end is authorized, it obtains the desensitization data provided by the development project of the data providing device end according to the authorization. Continuing the above example, the development account in the development project of the project space created and controlled by Company C reads the desensitization data according to its permissions after obtaining authorization.
  • the desensitization data processing device 322 processes the desensitization data by using the application development project, where the development project managed by the data application device processes the desensitization data after acquiring the desensitization data of the data providing device end.
  • the application development project is a data development environment controlled by the data application device end, and the business party where the data application device end is located controls the development authority, thereby effectively supervising the safe circulation of data. Continuing the above example, in the project space where Company C is located in the data development platform, the authorized development account of Company C uses the development space to develop on the desensitization data read from Company A, so that when business parties perform non-confidential data exchange processing, the desensitization data is visible and the real data is invisible.
  • the data application device side further includes a data desensitizing device 325 (not shown) for desensitizing the application production data in the application production project to obtain corresponding application desensitization data. That is, in the production project controlled by the data application device, the production data of the data application device can be desensitized to obtain the desensitization data of the data application device end.
  • Company A and Company C jointly carry out software development. While obtaining the desensitization data of Company A for development, Company C also uses its own real production data for software development; that data is desensitized in the production project controlled by Company C in the data development platform, thereby obtaining the desensitization data of Company C.
  • the desensitization data processing device 322 is further configured to process the desensitization data and the application desensitization data by using the application development project, that is, the development project of the data application device end obtains the desensitization data provided by the production project of its own data application device end and processes it.
  • continuing the above example, the development project of Company C in the data development platform develops on the desensitization data of Company C's real data provided by Company C's production project, so that in the joint development by Companies A and C, Company C can combine the desensitization data of both parties for processing while the security of the real data in circulation is ensured.
  • FIG. 11 shows a schematic diagram of a device for performing data processing, implemented by a data providing device end and a data application device end according to another preferred embodiment of the present application, wherein the data providing device end includes a data desensitizing device 411, a development authorization device 412, and a desensitization data transmitting device 413; the data application device end includes a desensitization data acquiring device 421, a desensitization data processing device 422, a data processing result providing device 423, and a data processing result issuing device 424.
  • the data desensitizing device 411 desensitizes the production data in the production project to obtain corresponding desensitization data; and the development authorization device 412 develops and authorizes the application development project in the corresponding data application device through the development project;
  • the desensitization data transmitting device 413 sends the desensitization data to the application development project via the development project according to the result information of the development authorization process;
  • the desensitization data acquiring device 421 acquires, through the application development project, the desensitization data of the development project in the data providing device, wherein the desensitization data is obtained by desensitizing the production data of the production project in the data providing device;
  • the desensitization data processing device 422 processes the desensitization data by the application development project;
  • the data processing result providing means 423 supplies the processing result of the desensitization data in the application development item to the application production item;
  • the data processing result issuing means 424 issues the processing result through the application production item.
  • the data desensitizing device 411, the development authorizing device 412, the desensitizing data transmitting device 413, the desensitizing data acquiring device 421, and the desensitizing data processing device 422 are the same as or similar to the data desensitizing device 311, the development authorizing device 312, the desensitization data transmitting device 313, the desensitizing data acquiring device 321, and the desensitizing data processing device 322 described above, and will not be described again.
  • the data processing result providing means 423 in the data application device end provides the processing result of the desensitization data in the application development project to the application production project, which means that the result of processing, in the development project of the data application device end, the desensitization data provided by the data providing device end is returned to the production project controlled by the data application device end.
  • desensitization data processing results include, but are not limited to, software code developed based on desensitization data, plotted data charts, and the like.
  • ways of returning the desensitization data processing results include, but are not limited to, the background system of the data development platform or a secure channel such as SFTP established between the computer devices for transmission and reception.
  • the developer of Company C develops the software code of the application through the development account in the development project based on the desensitization data, and then sends the code to the production project of Company C through the data development platform, so that Company C can uniformly review or evaluate the jointly developed data processing results, further ensuring the security of the data and of the data processing results.
  • the data processing result issuing device 424 issues the processing result through the application production project, which means that the data application device end receives the returned desensitization data processing result in the production project and then uses the real data to perform code or program performance verification, or external output, on the data processing result, but is not limited thereto.
  • releasing the processing result means verifying the data processing result or, after the production project on the data application device end has obtained authorization for the data of the data providing device end, putting it into production based on the real production data.
  • Company C releases on the data development platform, in its production project, the returned program code developed from Company A's desensitization data, and the production account uses the real data authorized by Company A to test the released software program.
  • the data processing result is released in the production space, so that the processing result is post-processed or verified in the security environment of the data provider. Thus, when Company A and Company C cooperate in data processing, one development project authorizes the other so that Company C's development account can read Company A's desensitization data; the development process thereby has targeted protection of, and development permissions over, the data, and the security of the data processing results is improved.
  • the data providing device end further includes a production authorization device 414 (not shown) for performing production authorization processing on the application production project in the data application device through the production project, and a production data transmitting device 415 (not shown) for transmitting the production data to the application production project via the production project according to result information of the production authorization process.
  • the data application device side further includes a production data acquisition device 426 (not shown) for acquiring production data of the production items in the data providing device by applying the production item.
  • the production authorization device 414 (not shown) performs production authorization processing on the application production project in the data application device through the production project, that is, the production project controlled by the data providing device end authorizes the production project on the data application device end by means such as authorizing an account to read data.
  • the authorization method includes, but is not limited to, the production project management account on the data providing device end granting authorization, so that the management account of the production space on the data application device end can read the production data in the data providing device end by means such as access control between tables.
  • the production account of the production project in the project space controlled by Company A authorizes the production account of the production project in the project space controlled by Company C, so that it can obtain the authority to read the real production data, thereby completing the authorization.
  • the production data transmitting device 415 transmitting the production data to the application production project via the production project according to the result information of the production authorization process means that, according to the authorization information of the data providing device end, the production data is sent to the production project controlled by the data application device end.
  • the authorized production data of the company A is sent to the C.
  • the reading authority of the production data of company A is obtained to read the production data of company A.
  • a production data obtaining means 426 (not shown) for acquiring production data of the production item in the data providing device by applying the production item, wherein the data processing result issuing means 423 is based on the production data
  • the execution result of the processing in the application production project refers to that after the data application device obtains the production data of the data providing device according to the authorization, after obtaining the processing result obtained based on the desensitization data of the data providing device on the controlled production item, the data is passed.
  • the manner of execution includes, but is not limited to, code or program performance verification or external output using the real data.
  • through the production account in the production project it controls, Company C releases the software code obtained from Company A's desensitization data and tests it with the production data provided by Company A to Company C, so that the production data circulates only in the production project environments of Companies A and C, and the desensitization data circulates only in the development environments of Companies A and C. This ensures that, when data development is performed jointly, only the business parties can see the real data while developers see only the desensitization data, thereby improving the security of the data during non-confidential exchange.
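The two separate authorizations described above for FIG. 10 and FIG. 11 (development project to development project for desensitization data, production project to production project for real data) can be modelled as a table-level ACL with an audit trail. This is an added example, not code from the patent; the `Project` class, the rule that a grant may never cross tiers, and the sample tables are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample tables (not data from the patent).
REAL_ORDERS = [{"customer": "Alice Zhang", "amount": 30}, {"customer": "Bob Li", "amount": 12}]
MASKED_ORDERS = [{"customer": "c_7f3a", "amount": 30}, {"customer": "c_19d2", "amount": 12}]


@dataclass
class Project:
    company: str
    tier: str                                   # "production" or "development"
    tables: dict = field(default_factory=dict)
    acl: dict = field(default_factory=dict)     # table name -> set of (company, tier) readers

    @property
    def ident(self):
        return (self.company, self.tier)

    def authorize(self, table, other):
        """Table-level ACL grant. Assumption of this sketch: grants never cross tiers."""
        if other.tier != self.tier:
            raise PermissionError(f"{self.tier} table cannot be granted to a {other.tier} project")
        self.acl.setdefault(table, set()).add(other.ident)

    def read_from(self, provider, table, audit):
        """Read a table from another project if its ACL allows it, and record the access."""
        if provider is not self and self.ident not in provider.acl.get(table, set()):
            raise PermissionError(f"{self.ident} has no grant on {provider.ident}.{table}")
        audit.append((self.ident, provider.ident, table))
        return provider.tables[table]


def total_amount(rows):
    """Code Company C develops against the desensitized table."""
    return sum(r["amount"] for r in rows)


def denied(action):
    """Return True if the action is refused with PermissionError."""
    try:
        action()
    except PermissionError:
        return True
    return False


def tiers_confined(audit):
    """Invariant from the text: every read stays inside one tier."""
    return all(reader[1] == provider[1] for reader, provider, _ in audit)


def run_exchange():
    audit = []
    a_prod = Project("A", "production", {"orders": REAL_ORDERS})
    a_dev = Project("A", "development", {"orders_masked": MASKED_ORDERS})
    c_prod, c_dev = Project("C", "production"), Project("C", "development")

    # Development authorization: A's development project -> C's development project.
    a_dev.authorize("orders_masked", c_dev)
    dev_result = total_amount(c_dev.read_from(a_dev, "orders_masked", audit))

    # The real data stays out of reach of the development tier.
    blocked_read = denied(lambda: c_dev.read_from(a_prod, "orders", audit))
    blocked_grant = denied(lambda: a_prod.authorize("orders", c_dev))

    # Production authorization: A's production project -> C's production project,
    # where the returned code is verified against the real data.
    a_prod.authorize("orders", c_prod)
    released_result = total_amount(c_prod.read_from(a_prod, "orders", audit))
    return {"dev_result": dev_result, "released_result": released_result,
            "blocked_read": blocked_read, "blocked_grant": blocked_grant, "audit": audit}
```

Reviewing the audit list with `tiers_confined` is the check a platform operator would run to confirm that no development account ever touched a production table.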
  • to secure different business parties during confidential data exchange and processing, of the two business parties involved in the confidential data exchange, the party providing the data entrusts it to a mutually trusted secure third party, and the party processing the data adds developer authorization at the third party for data processing, thus ensuring that the confidential data is available but not replicable in a secure management environment, as follows.
  • FIG. 12 is a schematic diagram of an apparatus for implementing data processing implemented by a data providing device end, a data application device end, and a platform device end according to another aspect of the present application.
  • the data providing device includes a data desensitizing device 511 and a desensitizing data transmitting device 512.
  • the data application device includes a platform configuration device 521.
  • the platform device includes a desensitizing data acquiring device 531, a configuration device 532, and a desensitizing data processing device 533.
  • the data desensitizing device 511 in the data providing device end performs desensitization processing on the production data in the data providing device end to obtain corresponding desensitization data; the desensitizing data transmitting device 512 transmits the desensitization data to the corresponding platform device end for processing by the corresponding data application device end; the desensitization data obtaining device 531 in the platform device end acquires the desensitization data from the data providing device end, wherein the desensitization data is obtained by desensitizing the production data in the data providing device end; the platform configuration device 521 in the data application device end configures the platform device end to process the desensitization data; the configuration device 532 in the platform device end configures the platform device end according to the corresponding data application device end; the desensitization data processing device 533 processes the desensitization data through the configured platform device end.
  • the data desensitizing device 511 in the data providing device end desensitizes the production data in the data providing device end to obtain the corresponding desensitization data, which means that the data providing device end hides the sensitive features of the real data, obtaining data that retains the necessary data features available to the data consumer and conceals or eliminates the sensitive data features that could cause security problems.
  • production data refers to real data containing key sensitive features.
  • Data desensitization methods include, but are not limited to, desensitization directly on the data development platform or through manual screening. For example, Company A and Company D have certain types of data.
  • the desensitizing data sending device 512 sending the desensitization data to the corresponding platform device end for processing by the corresponding data application device end means that the data providing device end sends the desensitization data to a third-party data processing platform device end trusted by the business parties represented by both the data application device end and the data providing device end, enabling the data application device end to perform data processing in the third-party platform.
  • the corresponding platform device refers to a third-party data processing platform that is trusted by both parties of the data flow, such as a data processing space or platform project that can jointly create related data processing permissions, but is not limited thereto.
  • Company A and Company D jointly entrust a third party as the control and arbitration party in the exchange process.
  • the third party supervises a project space and performs security settings.
  • Company A sends desensitization data to the project space controlled by the third party, for Company D to process it in the third party.
  • the method of sending the desensitization data may be directly transmitted in the background through the data development platform or transmitted through a related protocol for secure transmission of the encrypted file, but is not limited thereto.
  • the desensitization data acquisition means 531 in the platform device side acquires desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing the production data in the data providing device.
  • the platform device side serves as a security environment controlled by a third party that the data providing device end and the data application device end both trust, and accepts or acquires the desensitization data of the data providing device end under a certain authority, thereby facilitating the data application device end.
  • the project space created by the third party in the data platform is authorized by a project space, such as the project space of Company A, which directly authorizes the third-party project space to read the desensitization data, so that it reads or accepts Company A's desensitization data.
  • the platform configuration device 521 in the data application device configures the platform device to process the desensitization data, wherein the desensitization data is obtained by desensitizing the production data in the data providing device. That is, the data application device side performs direct authorization of the development account, or package authorization of the project space, on the platform device side, so that the data application device can process the desensitization data in the security environment controlled by the platform device end. For example, Company D authorizes the project space controlled by the third party in the data development platform, so that developers of Company D can process the data in the third-party project space.
  • the method for configuring the platform device may be to directly authorize the project space controlled by the platform or authorize the development-related account in the platform, so that the data application device can perform data processing through the account, but is not limited thereto.
  • the platform device configuration device 532 configures the platform device according to the corresponding data application device.
  • the platform device is configured according to the data application device end, so that the data application device end can process the desensitization data in a security environment controlled by the platform device.
  • the manner in which the platform device is configured according to the corresponding data application device includes, but is not limited to, authorizing the development account of the data application device to perform data processing in the project space controlled by the platform device, or the data application device directly performing authorization processing on the platform device end.
  • the platform device is configured to enable the data application device to process the desensitized data in the security management environment during the confidential data exchange, thereby improving the security of the confidential data.
  • the desensitization data processing device 533 processes the desensitization data by using the configured platform device, and the data application device end desensitizes the data according to the authority of the device platform in the third-party security environment controlled by the platform device.
  • Companies A and D authorized the third-party project space in the data development platform, and then added the developer of Company D to the third-party project space for data processing, so that the data application device end can use the confidential data of the data providing device end while the confidential data cannot be copied in the secure third-party environment, thereby improving the security of confidential data during use and processing.
  • FIG. 13 is a schematic diagram of a platform device end in a device for implementing data processing implemented by a data providing device end, a data application device end, and a platform device end according to another preferred embodiment of the present application.
  • the platform device end includes a platform item creation device 634, a desensitization data acquisition device 631, a configuration device 632, and a desensitization data processing device 633.
  • the platform item creation device 634 in the platform device side creates an item in the platform device;
  • the desensitization data obtaining device 631 acquires desensitization data from the data providing device through the item, wherein the desensitization data is obtained by desensitizing the production data in the data providing device;
  • the configuration device 632 configures the item according to the corresponding data application device;
  • the desensitization data processing device 633 processes the desensitization data through the configured item.
  • the platform item creation device 634 in the platform device side creates a project in the platform device, which means creating a secure data flow and processing space in the platform device trusted by the data providing device end and the data application device end, so that the confidential data is protected in a secure project space.
  • Company A and Company D jointly commission a data development platform or a third party trusted by both parties to create a secure project space in the data development platform, so that Companies A and D can process and share data in the project space.
  • the desensitization data acquiring means 631 acquires desensitization data from the data providing device by the item, wherein the desensitization data is obtained by desensitizing the production data in the data providing device.
  • the project space created by the platform device side obtains desensitization data in the data providing device side by directly authorizing the project space of the data providing device side.
  • Company A authorizes the third-party project space in the data development platform, so that the desensitization data can only be accessed in the third-party project space, thereby limiting the circulation and processing range of the confidential data and improving the security of the data.
  • the configuration device 632 configures the item according to the corresponding data application device, that is, the platform device side sets the project space according to the authorization of the data application device end.
  • the third-party project space obtains the authorization of the project space of Company D.
  • the developers of Company D are added, so that the developers of Company D can process the desensitization data of Company A in the third-party project space.
  • the desensitization data processing device 633 processes the desensitization data through the configured item, that is, after the developer or the account of the data application device side has been configured, the platform device end processes, in the project space it controls, the desensitization data provided by the data providing device.
  • the desensitization data of the confidential data provided by Company A is processed in the third-party project space, thereby limiting the flow of confidential data to the project space and further enhancing the security of confidential data.
  • FIG. 14 is a schematic diagram of an apparatus for implementing data processing implemented by a data providing device end, a data application device end, and a platform device end according to another preferred embodiment of the present application.
  • the data providing device end includes a data desensitizing device 711, a platform authorization device 713, and a desensitization data transmitting device 712;
  • the data application device end includes a configuration device 721;
  • the platform device end includes a platform item creating device 734,
  • the platform item creation means 734 creates an item in the platform device; the data desensitization means 711 desensitizes the production data in the data providing device to obtain corresponding desensitization data; the platform authorization means 713 performs authorization processing on the item in the platform device; the authorization obtaining device 735 acquires authorization information of the data providing device and the data application device for the item; the desensitization data transmitting device 712 sends the desensitization data to the corresponding platform device for the corresponding data application device to process; the desensitization data obtaining device 731 acquires desensitization data from the data providing device through the item according to the authorization information, wherein the desensitization data is obtained by desensitizing the production data in the data providing device; the platform configuration device 721 configures the platform device to process the desensitization data, wherein the desensitization data is obtained by desensitizing the production data in the data providing device; 732 configuring the item according to the corresponding data
  • the data desensitizing device 711, the desensitizing data transmitting device 712, and the platform arranging device 721 are the same as or similar to the data desensitizing device 511, the desensitizing data transmitting device 512, and the platform arranging device 521 in FIG.
  • the platform project creation device 734 is the same as or similar to the platform project creation device 634 in FIG. 13 and will not be described again.
  • Authorizing the item in the platform device by the platform authorization device 713 in the data providing device refers to authorizing the project space controlled by the trusted platform device at the data providing device end.
  • the authorization method can be for the item in the data providing device to directly package and authorize the platform device item, so that the confidential data provided by the data providing device end can be obtained by the platform device item. Continuing the above example, the project space of Company A in the data development platform packages and authorizes the third-party project space, so that the account of the third-party project space can read the desensitization data or the third-party project space has the right to accept desensitization data.
  • the authorization obtaining device 735 in the platform device end obtains the authorization information of the data providing device and the data application device for the item, and refers to the authorization of the data providing device end and the data application device end of the platform device end. Therefore, the flow and processing of confidential data are transferred in a secure environment of mutual trust.
  • the project spaces of Company A and Company D package and authorize the third-party project space, so that Company A's desensitization data can circulate in the third-party project space and developers of Company D can develop on Company A's desensitization data in the third-party space. Data is transferred and processed in a secure and controllable environment through project authorization on the platform device side to improve data security.
  • the desensitization data obtaining means 731 in the platform device end acquires desensitization data from the data providing device through the item according to the authorization information, wherein the desensitization data is obtained by desensitizing the production data in the data providing device. That is, the project on the platform device side obtains the desensitization data according to the authorization of the data providing device end, wherein the obtaining manner includes, but is not limited to, reading the desensitized data within the authority granted by the authorization of the project. For example, in the data development platform, Company A grants the third-party project the right to read and copy the desensitized data of the confidential data, so that the third-party project acquires the desensitization data of Company A.
  • the items in the data providing device, the data application device, and the platform device include a production project and a development project.
  • the production project refers to a project space in the project that processes real data, and is controlled by each business party;
  • the development project refers to the project space where the developer handles the desensitization data in the project, and is used by the development account assigned by the business party.
  • the authorization obtaining device 735 of the platform device end is further configured to acquire authorization information of the data providing device and the data application device for the production item. That is, the production project on the data development device side and the data application device side package and authorize the production items in the platform device side of the common trust, so that the real data to be processed within the allowable range of the two can be shared in a safe production project environment.
  • Company A and Company D authorize the production projects in the third-party projects in the data development platform, and obtain the real data required by the two parties to jointly develop the software after obtaining the authorization.
  • the desensitization data obtaining device 731 in the platform device end is further configured to acquire desensitization data from the data providing device by using the development item according to the authorization information, wherein the desensitization data passes the The production data desensitization process in the data providing device is obtained.
  • that is, the data providing device side provides the desensitization data to a development project in the platform device that can be used only by developers of the data application device. Continuing the above example, according to the authorization of Company A for the third party, the third-party development project obtains the desensitization data of Company A, so that developers added to the third-party development project can process and use the desensitization data of Company A through the development project, thereby ensuring that the desensitization data can be used by developers of Company D in a third-party security environment; because the desensitized data cannot be copied or reserved for use in a third-party controlled environment, the security of confidential data is guaranteed.
  • the platform device end configuration device 732 is further configured to configure the development project according to the corresponding data application device. That is, the data application device can process the desensitization data provided by the data providing device in the platform device by adding the development account in the data application device to the development project or the like through the platform device end.
  • the development project space shared by A and D companies in the data development platform adds the developer account of Company D to the project space of the third party according to the application of Company D, and then processes the desensitization data of Company A.
  • the desensitization data processing device 733 in the platform device end is further configured to process the desensitization data through the configured development item.
  • the desensitization data provided by the data providing device is processed in the development project of the platform device side. Continuing the above example, the account of Company D's developer in the data development platform is added to the third-party development project space to develop on the desensitization data of Company A, so that the desensitization data cannot be copied or reserved for use in a third-party controlled environment, and the security of the confidential data is guaranteed.
  • the data processing result providing means 736 in the platform device side provides the processing result of the desensitization data in the application development project to the application production item.
  • desensitization data processing results include, but are not limited to, software code developed based on desensitization data, plotted data charts, and the like.
  • the return method of desensitization data processing results includes, but is not limited to, transmission and reception through the background system of the data development platform or through a secure channel such as SFTP established between the computer devices.
  • the developer of Company D develops the software code of the application through the development account in the third-party development project based on the desensitization data, and then sends the code back to the production project through the data development platform, so that Company A reviews or evaluates the data processing results in the third-party production project space, further ensuring the security of data and data processing results.
  • the data processing result issuing means 737 in the platform device end issues the processing result of the desensitizing data in the development item through the production item.
  • the release processing result is to verify the data processing result or to produce it through real production data.
  • Company A publishes the returned program code based on desensitization data on the data development platform in the production project, and the production account uses the real data in the third-party project space to execute the software program on the released data. Test work.
  • the data processing results are released in the third-party production space so that the processing results are post-processed or verified within the data provider's secure environment, thereby improving the security of the data processing results.
  • the data application device side further includes a platform authorization device 722 (not shown) for performing authorization processing on the items in the platform device. That is, when the data application device uses the data of the data providing device end and its own data needs to be processed together with that data, it can authorize the platform to obtain the confidential data of the data application device end or the desensitization data thereof.
  • Company D needs to combine its own confidential data with the desensitization data of Company A to develop or research the software in the third-party development environment. Therefore, the project space controlled by Company D authorizes the third-party platform project, providing it with the desensitization data of Company D's confidential data, so that
  • the platform device side further includes an application-side desensitization data acquisition device 738 (not shown) for acquiring application-side desensitization data from the data application device through the development project according to the authorization information, where The application desensitization data is obtained by desensitizing the application side production data in the data application device.
  • the desensitization data processing device 733 is further configured to process the desensitization data and the application side desensitization data through the configured development item.
  • the platform device side obtains the desensitization data according to the authorization of the data application device, wherein the development project account including but not limited to the platform device obtains the access permission of the development project of the data application device side or the data application device sends the desensitization data to the device end
  • the development project of Company D authorizes the development project of the third party, so that the desensitization data of the confidential data of Company D can be processed by the developer in the third-party development project, separately or together with Company A's desensitization data. The confidential data of both parties is thus shared within the third party, and the third-party security management environment requires any data output to be allowed by both parties, thus protecting the security of the data.

Abstract

Provided are a method and device for data processing. The method specifically comprises: at a data providing device end, performing desensitization processing on production data in a data providing device to obtain corresponding desensitization data (S11); at a platform device end, obtaining the desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing the production data in the data providing device (S31); configuring a platform device according to a corresponding data application device (S32); processing the desensitization data via the configured platform device (S33). Compared with the prior art, by means of performing third party assurance on data security depending on a data exchange and use platform, the problems of data being required to be available but invisible when different service parties exchange confidential data and use same and the assurance of data security are solved, so that the data is placed in a third-party secure environment for circulation and use in the case where a data providing party and use party are not fully trusted by each other, thereby guaranteeing the security of the data in circulation and use.

Description

Method and device for data processing
This application claims priority to Chinese patent application No. 201510486640.2, filed on August 10, 2015 and entitled "Method and device for data processing", the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of computers, and in particular to a technique for data processing.
Background
With the advent of the big-data era, data is used and exchanged ever more frequently. Providing and using data, however, often involves two business parties that do not fully trust each other. The prior art either provides the data user with sampled, desensitized sample data so that the data is not visible, or restricts the data user's permissions for using the data.
However, the prior art cannot precisely control how, and in what environment, the user processes the data: visible data may be copied during the authorization phase, the sampling and desensitization process is not flexible enough, and the data provider does not trust the user's data-usage environment. As a result, the conflict between using the data and not allowing the data user to see or export it has become increasingly prominent.
Summary of the invention
The purpose of the present application is to provide a method and device for data processing that solve the problem that data must be available but not visible while it is used, and the problem of keeping data secure when confidential or non-confidential data is exchanged.
According to one aspect of the present application, a method for data processing is provided, which solves the problem that a business party needs data to be available but not visible while the data is used. The method includes:
desensitizing the production data in a production project to obtain corresponding desensitization data;
sending the desensitization data to a corresponding development project;
processing the desensitization data through the development project.
According to another aspect of the present application, a method for data processing carried out by a data providing device end and a data application device end in cooperation is provided, which solves the problem that data must be available but not visible when different business parties exchange and use non-confidential data. The method includes:
at the data providing device end, desensitizing the production data in a production project to obtain corresponding desensitization data;
at the data providing device end, performing development authorization processing, through a development project, on an application development project in the corresponding data application device;
at the data providing device end, sending the desensitization data to the application development project via the development project according to the result information of the development authorization processing;
at the data application device end, acquiring, through the application development project, the desensitization data from the development project in the data providing device, wherein the desensitization data is obtained by desensitizing the production data of the production project in the data providing device;
at the data application device end, processing the desensitization data through the application development project.
According to yet another aspect of the present application, a method for data processing carried out by a data providing device end and a data application device end in cooperation at a platform device end is provided, which solves the problems that data must be available but not visible, and that data security must be ensured, when different business parties exchange and use confidential data. The method includes:
at the data providing device end, desensitizing the production data in the data providing device to obtain corresponding desensitization data;
at the data providing device end, sending the desensitization data to the corresponding platform device for processing by the corresponding data application device;
at the data application device end, configuring the platform device to process the desensitization data, wherein the desensitization data is obtained by desensitizing the production data in the data providing device;
at the platform device end, acquiring the desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing the production data in the data providing device;
at the platform device end, configuring the platform device according to the corresponding data application device;
at the platform device end, processing the desensitization data through the configured platform device.
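The three-party flow in the steps above (the provider desensitizes, the third-party project space receives the data under the provider's authorization, a configured application-side account processes it inside the space), modeled as an added example that is not part of the patent text. The class and account names, the HMAC-based pseudonymization and the provider review before a result is released are assumptions of this example; the page leaves the desensitization method open.

```python
import hashlib
import hmac


class AccessDenied(Exception):
    """Raised when a project-space policy check fails."""


def desensitize(records, sensitive_fields, key):
    """Provider side: replace sensitive fields with keyed pseudonyms.

    HMAC-SHA256 is an assumption of this example. The same input always maps
    to the same pseudonym, so grouping and joins still work on masked data.
    """
    out = []
    for rec in records:
        clean = dict(rec)
        for field in sensitive_fields:
            if field in clean:
                mac = hmac.new(key, str(clean[field]).encode(), hashlib.sha256)
                clean[field] = mac.hexdigest()[:16]
        out.append(clean)
    return out


class PlatformProject:
    """Hypothetical third-party project space trusted by both parties."""

    def __init__(self, name):
        self.name = name
        self.providers = set()    # providers that authorized this space
        self.developers = set()   # application-side accounts configured here
        self._data = {}           # provider -> desensitized records
        self._pending = []        # (provider, result) awaiting provider review
        self.audit = []           # every decision, allowed or denied

    def authorize_provider(self, provider):
        self.providers.add(provider)

    def add_developer(self, account):
        self.developers.add(account)

    def _deny(self, action, who, reason):
        self.audit.append((action + "_denied", who))
        raise AccessDenied(reason)

    def receive(self, provider, records):
        # Data is accepted only from a provider that authorized the space.
        if provider not in self.providers:
            self._deny("receive", provider, "provider has not authorized this space")
        self._data[provider] = [dict(r) for r in records]
        self.audit.append(("receive", provider))

    def process(self, account, provider, job):
        # Only configured developer accounts may run jobs inside the space.
        if account not in self.developers:
            self._deny("process", account, "account is not configured in this space")
        if provider not in self._data:
            self._deny("process", account, "no data set from this provider")
        # The job works on copies; its result is held for provider review.
        result = job([dict(r) for r in self._data[provider]])
        self._pending.append((provider, result))
        self.audit.append(("process", account))
        return len(self._pending) - 1   # ticket for the pending result

    def export(self, account, provider):
        # Rows never leave the space: data is available but not visible outside.
        self._deny("export", account, "data cannot be copied out of the space")

    def release(self, reviewer, ticket):
        provider, result = self._pending[ticket]
        if reviewer != provider:
            self._deny("release", reviewer, "only the data provider may release")
        self.audit.append(("release", reviewer))
        return result


def demo():
    # Constructed sample production data for "Company A".
    production = [
        {"name": "Alice Example", "phone": "555-0100", "amount": 120},
        {"name": "Bob Example", "phone": "555-0101", "amount": 80},
        {"name": "Alice Example", "phone": "555-0100", "amount": 50},
    ]
    masked = desensitize(production, ["name", "phone"], key=b"constructed-demo-key")
    space = PlatformProject("third_party_space")
    space.authorize_provider("company_a")
    space.receive("company_a", masked)
    space.add_developer("company_d_dev")

    def totals(rows):
        agg = {}
        for r in rows:
            agg[r["name"]] = agg.get(r["name"], 0) + r["amount"]
        return sorted(agg.values())

    ticket = space.process("company_d_dev", "company_a", totals)
    return masked, space, ticket


if __name__ == "__main__":
    masked, space, ticket = demo()
    print(space.release("company_a", ticket), space.audit)
```

The audit list records denied attempts as well as allowed ones, which is what the trusted third party would review when acting as the control and arbitration party.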
According to another aspect of the present application, a device for data processing is provided, which solves the problem that a business party needs data to be available but not visible while the data is used. The device includes:
a data desensitizing device, configured to desensitize the production data in a production project to obtain corresponding desensitization data;
a desensitization data transmitting device, configured to send the desensitization data to a corresponding development project;
a desensitization data processing device, configured to process the desensitization data through the development project.
According to another aspect of the present application, a device for data processing used by a data providing device end and a data application device end in cooperation is provided, which solves the problem that data must be available but not visible when different business parties exchange and use non-confidential data. The device includes:
a data desensitizing device at the data providing device end, configured to desensitize the production data in a production project to obtain corresponding desensitization data;
a development authorization device at the data providing device end, configured to perform development authorization processing, through a development project, on an application development project in the corresponding data application device;
a desensitization data transmitting device at the data providing device end, configured to send the desensitization data to the application development project via the development project according to the result information of the development authorization processing;
a desensitization data acquisition device at the data application device end, configured to acquire, through the application development project, the desensitization data from the development project in the data providing device, wherein the desensitization data is obtained by desensitizing the production data of the production project in the data providing device;
a desensitization data processing device at the data application device end, configured to process the desensitization data through the application development project.
According to yet another aspect of the present application, a device for data processing used by a data providing device end and a data application device end in cooperation at a platform device end is provided, which solves the problems that data must be available but not visible, and that data security must be ensured, when different business parties exchange and use confidential data. The device includes:
a data desensitizing device at the data providing device end, configured to desensitize the production data in the data providing device to obtain corresponding desensitization data;
a desensitization data transmitting device at the data providing device end, configured to send the desensitization data to the corresponding platform device for processing by the corresponding data application device;
a platform configuration device at the data application device end, configured to configure the platform device to process the desensitization data, wherein the desensitization data is obtained by desensitizing the production data in the data providing device;
a desensitization data acquisition device at the platform device end, configured to acquire the desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing the production data in the data providing device;
a configuration device at the platform device end, configured to configure the platform device according to the corresponding data application device;
a desensitization data processing device at the platform device end, configured to process the desensitization data through the configured platform device.
Compared with the prior art, in one embodiment of the present application the data providing device side desensitizes the production data in the data providing device to obtain corresponding desensitized data; the platform device side acquires the desensitized data from the data providing device, wherein the desensitized data is obtained by desensitizing the production data in the data providing device; the platform device is configured according to the corresponding data application device; and the configured platform device processes the desensitized data. This addresses the need, when different business parties exchange and use confidential data, for data to be usable but not visible and for data security to be guaranteed: where the data provider and the data user do not fully trust each other, the data is placed in a third-party secure environment for transfer and use, which keeps the data secure while it is transferred and used.
Brief Description of the Drawings
Other features, objects and advantages of the present application will become more apparent from the following detailed description of non-limiting embodiments, made with reference to the accompanying drawings:
FIG. 1 shows a flowchart of a method for data processing according to one aspect of the present application;
FIG. 2 shows a flowchart of a method for data processing according to a preferred example of the present application;
FIG. 3 shows a flowchart of a method for data processing implemented jointly by a data providing device side and a data application device side according to another aspect of the present application;
FIG. 4 shows a flowchart of a method for data processing implemented jointly by a data providing device side and a data application device side according to another preferred example of the present application;
FIG. 5 shows a flowchart of a method for data processing implemented jointly by a data providing device side, a data application device side and a platform device side according to another aspect of the present application;
FIG. 6 shows a flowchart of the platform device side method within a method for data processing implemented jointly by a data providing device side, a data application device side and a platform device side according to another preferred example of the present application;
FIG. 7 shows a flowchart of a method for data processing implemented jointly by a data providing device side, a data application device side and a platform device side according to another preferred example of the present application;
FIG. 8 shows a schematic diagram of a device for data processing according to another aspect of the present application;
FIG. 9 shows a schematic diagram of a device for data processing according to another preferred example of the present application;
FIG. 10 shows a schematic diagram of a device for data processing implemented jointly by a data providing device side and a data application device side according to another aspect of the present application;
FIG. 11 shows a schematic diagram of a device for data processing implemented jointly by a data providing device side and a data application device side according to another preferred example of the present application;
FIG. 12 shows a schematic diagram of a device for data processing implemented jointly by a data providing device side, a data application device side and a platform device side according to another aspect of the present application;
FIG. 13 shows a schematic diagram of the platform device side within a device for data processing implemented jointly by a data providing device side, a data application device side and a platform device side according to another preferred example of the present application;
FIG. 14 shows a schematic diagram of a device for data processing implemented jointly by a data providing device side, a data application device side and a platform device side according to another preferred example of the present application.
The same or similar reference numerals in the drawings denote the same or similar components.
Detailed Description
The present application is described in further detail below with reference to the accompanying drawings.
In a typical configuration of the present application, the terminal, the devices of the service network and the trusted party each include one or more processors (CPUs), input/output interfaces, network interfaces and memory.
The memory may include forms such as non-permanent memory, random access memory (RAM) and/or non-volatile memory in computer-readable media, for example read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape and disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
The present application covers three data processing scenarios. The first relies on controlling permissions during data use, so that the data provided by a business party is usable but not visible during processing. The second relies on authorization, so that non-confidential data exchanged between different business parties circulates securely and is likewise usable but not visible. The third relies on entrusting a third-party platform, so that confidential data exchanged and processed between different business parties is kept secure.
In the first scenario, where permission control during data use makes the data provided by a business party usable but not visible during processing, a single business party needs data processed: the business party conceals and desensitizes the key features of the real data and provides it to a data developer for processing, and the processing result is then handled in turn. The details are as follows.
FIG. 1 shows a flowchart of a method for data processing according to one aspect of the present application. The method performed by the data processing device includes step S11, step S12 and step S13.
Specifically, in step S11 the data processing device desensitizes the production data in the production project to obtain corresponding desensitized data; in step S12 the data processing device sends the desensitized data to the corresponding development project; in step S13 the data processing device processes the desensitized data through the development project.
In step S11, the data processing device desensitizing the production data in the production project to obtain corresponding desensitized data means that the business party, within the secure environment it controls, conceals the key sensitive features of the real data, producing data that retains the features the data user needs while concealing or eliminating the sensitive features that would cause security problems. Here, the production data is the real data that the business party needs processed, and the production project is the secure environment controlled by the business party; it can be created by the business party, which holds the related control permissions, such as permission to access data objects, user management and authorization permissions, and resource creation. For example, Company A needs Research Institute B to develop software on the data of a certain application. Company A can create a production project on a data development platform that both parties can use. The account that creates it is the owner of the production project; the owner can access all resources in the production project, grant authorization to users or accounts, and configure the security settings of the production project. The owner can assign a production account that holds all permissions except the security settings, so that the production account can desensitize the real data for Company A's development of the application software. Desensitizing the real data in the secure environment controlled by the business party conceals the key security information of the data and thereby improves data security.
Those skilled in the art will understand that the above manner of obtaining desensitized data is only an example; other existing or future manners of obtaining desensitized data, where applicable to the present application, also fall within the scope of protection of the present application and are incorporated herein by reference.
Next, in step S12, the data processing device sending the desensitized data to the corresponding development project means sending the desensitized data by a secure means, for example through a mutually trusted data development platform, into the secure environment controlled by the party that uses and processes the data. Here, the development project is the secure environment, trusted by the data provider, in which the data processing party processes the data. Continuing the example above, when Company A needs software development on the data of an application, it creates the production project on the data development platform and at the same time creates a corresponding development project, and grants development-related permissions in the development project, such as creating tables, functions and resources, to the development account of Research Institute B, so that the desensitized data can be sent directly from the production project to the development project via the data development platform. Manners of sending the desensitized data include, but are not limited to, the back-end system of the data development platform, or sending and receiving over a secure channel established between computer devices, such as SFTP. Sending the desensitized data into a secure development project environment trusted by the data-providing business party improves security and controllability during data development.
Next, in step S13, the data processing device processing the desensitized data through the development project means that the data processing party processes the desensitized data in the secure development project environment, for example by software development or data charting, without being limited to these. The account or role that processes the desensitized data in the development project is assigned, or created and authorized, by the business party providing the data. Continuing the example above, the owner who created Company A's production project and development project assigns personnel of Research Institute B or of Company A as the administrator of the development project. The administrator has access to all objects in the development project and can manage and authorize users or roles, for example assigning a development account to a data developer at Research Institute B. The development account has permission to create tables or functions and can therefore develop on the desensitized data provided by Company A. This makes the development account easier to manage securely, and at the same time makes the real data usable by, but not visible to, the development account.
Those skilled in the art will understand that the above manner of processing desensitized data in the development project is only an example; other existing or future manners of processing desensitized data in a development project, where applicable to the present application, also fall within the scope of protection of the present application and are incorporated herein by reference.
Preferably, FIG. 2 shows a flowchart of a method for data processing according to a preferred example of the present application. The method includes step S11, step S12, step S13, step S14 and step S15.
Specifically, in step S11 the data processing device desensitizes the production data in the production project to obtain corresponding desensitized data; in step S12 the data processing device sends the desensitized data to the corresponding development project; in step S13 the data processing device processes the desensitized data through the development project; in step S14 the data processing device returns the processing result of the desensitized data in the development project to the production project; in step S15 the data processing device publishes the processing result through the production project.
Here, steps S11 and S13 are the same as or similar to steps S11 and S13 in FIG. 1 and are not described again.
In step S14, the data processing device returning the processing result of the desensitized data in the development project to the production project means that the result produced by processing the desensitized data in the development project is returned to the production project controlled by the data-providing business party. The processing results of desensitized data include, but are not limited to, software code developed on the desensitized data and data trend charts drawn from it. Manners of returning the processing result include, but are not limited to, the back-end system of the data development platform, or sending and receiving over a secure channel established between computer devices, such as SFTP. Continuing the example above, once the developers at Research Institute B have finished developing the application's software code in the development project through the development account, based on the desensitized data, they send the code back to the production project through the data development platform, so that Company A can inspect or evaluate the processing result, which further safeguards the data and the processing result.
Next, in step S15, the data processing device publishing the processing result through the production project means that, after receiving the returned processing result in the production project, the data-providing business party verifies the code or program performance of the result against the real data, or outputs it externally, without being limited to these. Publishing the processing result thus means verifying it, or running it in production against the real production data. Continuing the example above, Company A publishes, on the data development platform and within the production project, the returned program code that was developed on desensitized data, and its production account uses the real data to test the software program after publication. Publishing the processing result in the production space means that post-processing and verification of the result take place inside the data provider's secure environment, which improves the security of the processing result.
Preferably, the method of the data processing device further includes step S16 (not shown), for setting permission information of the development project with respect to the desensitized data. That is, after the production project has desensitized the real data, the same desensitized data may serve more than one processing purpose, for example software development or data analysis. Different purposes use the data differently, so by setting different permission information, different use and processing permissions over the desensitized data can be obtained during development. Continuing the example above, for software development the permissions set on Company A's desensitized data are read, create and so on, whereas for data analysis they are read-only. Setting the development project's permissions over the desensitized data makes use of the data more secure and avoids data security problems caused by excessive developer permissions. Further, in step S12, the data processing device sending the desensitized data to the development project according to the permission information means selectively sending the desensitized data to the development project according to the different permissions over desensitized data that are opened to the development project. For example, where desensitized data is needed to analyze a particular month's data, Company A sends only that month's desensitized data, whereas the desensitized data needed for software development covers a year or a quarter. This makes the sending of desensitized data more targeted and gives better security control over the data.
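The first scenario (steps S11 to S16) sketched as an added Python example, which is not code from the patent application. The class names, the HMAC pseudonymization and phone masking, the account names, the key and the sample rows are all assumptions, since the application specifies neither a desensitization algorithm nor an API.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample rows standing in for Company A's real production data.
PRODUCTION_ROWS = [
    {"user_id": "u1001", "phone": "13800001111", "month": "2016-05", "amount": 120},
    {"user_id": "u1002", "phone": "13900002222", "month": "2016-06", "amount": 80},
    {"user_id": "u1001", "phone": "13800001111", "month": "2016-06", "amount": 45},
]


@dataclass(frozen=True)
class Grant:
    """Permission information for one development account (step S16)."""
    account: str
    actions: frozenset  # e.g. {"read"} or {"read", "create"}
    months: frozenset   # which slice of the desensitized data may be sent


class ProductionProject:
    """Secure environment of the data provider; real rows never leave it."""

    def __init__(self, rows, secret):
        self._rows = rows
        self._secret = secret  # pseudonymization key, held only in production

    def _pseudonym(self, value):
        # Keyed hash (assumed technique): stable per user, so aggregation works.
        return hmac.new(self._secret, value.encode(), hashlib.sha256).hexdigest()[:12]

    def desensitize(self):
        """Step S11: hide identifying features, keep the useful ones."""
        return [{"user": self._pseudonym(r["user_id"]),
                 "phone": r["phone"][:3] + "****" + r["phone"][-4:],
                 "month": r["month"], "amount": r["amount"]}
                for r in self._rows]

    def send(self, grant, dev_project):
        """Step S12: send only the slice the permission information allows."""
        rows = [r for r in self.desensitize() if r["month"] in grant.months]
        dev_project.receive(grant, rows)

    def publish(self, result_fn):
        """Step S15: run the returned result against the real data."""
        real = [{"user": r["user_id"], "amount": r["amount"]} for r in self._rows]
        return result_fn(real)


class DevelopmentProject:
    """Environment of the data user; it holds desensitized rows only."""

    def __init__(self):
        self._access = {}  # account -> (grant, rows sent under that grant)
        self.tables = {}

    def receive(self, grant, rows):
        self._access[grant.account] = (grant, rows)

    def _rows_for(self, account, action):
        grant, rows = self._access.get(account, (None, None))
        if grant is None or action not in grant.actions:
            raise PermissionError(f"{account} may not {action}")
        return rows

    def read(self, account):
        return [dict(r) for r in self._rows_for(account, "read")]

    def create_table(self, account, name, rows):
        self._rows_for(account, "create")  # permission check only
        self.tables[name] = rows


def total_by_user(rows):
    """Step S13: code written against desensitized rows in development."""
    totals = {}
    for r in rows:
        totals[r["user"]] = totals.get(r["user"], 0) + r["amount"]
    return totals


def run_flow():
    prod = ProductionProject(PRODUCTION_ROWS, secret=b"constructed-demo-key")
    dev = DevelopmentProject()
    developer = Grant("dev@B", frozenset({"read", "create"}),
                      frozenset({"2016-05", "2016-06"}))
    analyst = Grant("analyst@B", frozenset({"read"}), frozenset({"2016-06"}))
    prod.send(developer, dev)
    prod.send(analyst, dev)
    dev_totals = total_by_user(dev.read("dev@B"))
    dev.create_table("dev@B", "totals", dev_totals)
    # Step S14: total_by_user is returned to production, then published.
    return dev, dev_totals, prod.publish(total_by_user)


if __name__ == "__main__":
    dev, dev_totals, published = run_flow()
    print(dev_totals, published)
```

The development side computes the same totals as production but keyed by pseudonym, and the read-only analyst account receives only the one month it was granted.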
In the second scenario, where authorization lets non-confidential data exchanged between different business parties circulate securely and remain usable but not visible, different business parties need to exchange and process non-confidential data: the business party providing the data conceals and desensitizes the key features of the real data on the data providing device side and provides it to the other business party's data developer for processing on the data application device side, and the processing result is then handled in turn. The details are as follows.
FIG. 3 shows a flowchart of a method for data processing implemented jointly by a data providing device side and a data application device side according to another aspect of the present application. The method on the data providing device side includes step S11, step S12 and step S13; the method on the data application device side includes step S21 and step S22.
Specifically, in step S11 the data processing device desensitizes the production data in the production project to obtain corresponding desensitized data; in step S12 the data processing device performs development authorization processing, through the development project, for the application development project in the corresponding data application device; in step S13 the data processing device sends the desensitized data to the application development project via the development project according to the result information of the development authorization processing; in step S21 the data processing device acquires, through the application development project, the desensitized data from the development project in the data providing device, wherein the desensitized data is obtained by desensitizing the production data of the production project in the data providing device; in step S22 the data processing device processes the desensitized data through the application development project.
In step S11, the data processing device desensitizing the production data in the production project to obtain corresponding desensitized data means that the business party providing the data, i.e. the data providing device side, conceals the key sensitive features of the real data within the secure environment it controls, producing data that retains the features the data user needs while concealing or eliminating the sensitive features that would cause security problems. Here, the production project is the secure environment controlled by the data-providing business party. Continuing the example above, Company A is also cooperating with Company C to jointly develop an application: Company A provides the key data for the software development and is responsible for part of the development, and Company C is responsible for software development. On the data development platform, Company A therefore creates a project space for the application, which is the data providing device side; the production project in it is the secure environment in which Company A processes the real key data. The owner who created Company A's project space assigns a production account of Company A, which holds all permissions in the production project except the security settings. That is, before Company A provides the data, the data is desensitized in the production project, so that the key security information of the data is concealed and data security is improved.
Next, in step S12, the data processing device performing development authorization processing, through the development project, for the application development project in the corresponding data application device means the following. The data providing device side and the data application device side each have both a production project and a corresponding development project. Because the production data is real data, it should not, for security reasons, be sent directly to a different business party; after desensitization, the desensitized data is therefore sent to the development project of the provider's own project space, and the development project on the data application device side must obtain authorization from the business party represented by the data providing device side before using the desensitized data. Authorization manners include authorizing the development project on the data application device side, so that the data can be sent through the data development platform or by SFTP or another secure file transfer method, without being limited to these; or authorizing a development account in the development project on the data application device side, so that the development account can directly read the desensitized data in the development project on the data providing device side. Continuing the example above, when Company C needs Company A's data for software development, it submits a request on the data development platform for the corresponding desensitized data in the development project controlled by Company A; Company A authorizes the development account in Company C's development project on the data development platform by means of ACL authorization between tables, so that the desensitized data can circulate securely in the development environment.
Those skilled in the art will understand that the above manner of development authorization in the development project is only an example; other existing or future manners of development authorization in a development project, where applicable to the present application, also fall within the scope of protection of the present application and are incorporated herein by reference.
接着,在步骤S13中数据处理设备根据所述开发授权处理的结果信息将所述脱敏数据经由所述开发项目发送至所述应用开发项目是指在数据应用设备端的开发项目获得授权后数据提供设备端将所管控的开发项目中的脱敏数据发送至数据应用设备端的开发项目。发送的方式包括但不限于通过数据开发平台进行发送或数据应用设备端的开发项目中开发账号直接根据授权进行读取,或者通过SFTP或其它安全文件传输方式进行但不限于此,接上文举例,C公司的开发账号被A公司通过数据提供设备端的开发项目授权后根据权限对脱敏数据进行读取,从而达到脱敏数据可见,生产数据不可见的效果,保障了真实数据在数据交换过程中的安全。Then, in step S13, the data processing device sends the desensitization data to the application development project via the development project according to the result information of the development authorization process, which means that the data is provided after the development project of the data application device is authorized. The device side sends the desensitization data in the controlled development project to the development project of the data application device. The method of sending includes, but is not limited to, sending through a data development platform or developing a project in a data application device. The development account is directly read according to the authorization, or is performed by SFTP or other secure file transmission method, but is not limited thereto. The development account of Company C is read by the company A through the development project of the data providing device, and then the desensitization data is read according to the authority, so that the desensitization data is visible, the production data is invisible, and the real data is guaranteed in the data exchange process. Security.
接着,脱敏数据获取装置321通过应用开发项目获取来自数据提供设备中开发项目的脱敏数据,其中,所述脱敏数据通过对所述数据提供设备中生产项目的生产数据脱敏 处理获得,即如上文所述数据应用设备端获得授权后根据授权获得数据提供设备开发项目所提供的脱敏数据,接上文举例,即C公司所管控创建的项目空间中的开发项目中的开发账号在获得授权后根据权限对脱敏数据进行读取。Next, the desensitization data obtaining means 321 acquires desensitization data from the development item in the data providing device by the application development project, wherein the desensitization data is desensitized by the production data of the production item in the data providing device The processing is obtained, that is, as described above, after obtaining the authorization of the data application device, the desensitization data provided by the data providing device development project is obtained according to the authorization, and the above example is the development project in the project space created by the management company C. The development account reads the desensitization data according to the authority after obtaining the authorization.
Those skilled in the art should understand that the above ways of acquiring desensitized data from the data providing device side are only examples. Other existing or future ways of acquiring desensitized data from the data providing device side, if applicable to the present application, should also fall within the scope of protection of the present application and are incorporated herein by reference.
Next, in step S22 the data processing device processes the desensitized data through the application development project. That is, the development project controlled by the data application device side processes the desensitized data after acquiring it from the data providing device side. The application development project is the data development environment controlled by the data application device side; the business party to which the data application device side belongs controls the development permissions in it, so that the secure circulation of data is effectively supervised. Continuing the example above, in the data development platform the project space of Company C uses Company C's authorized development account in the development space to develop on the desensitized data read from Company A. As a result, when business parties exchange and process non-confidential data, the desensitized data is visible while the real data is not.
Preferably, the data application device side further includes step S25 (not shown), for desensitizing the application production data in the application production project to obtain corresponding application desensitized data. That is, in the production project controlled by the data application device side, the production data of the data application device side can be desensitized to obtain the desensitized data of the data application device side. Continuing the example above, Company A and Company C jointly develop software. While Company C develops with Company A's desensitized data, it also draws on Company C's real production data, so the data is desensitized in Company C's production project under its control in the data development platform, which yields Company C's desensitized data. Further, in step S22 the data processing device processes the desensitized data and the application desensitized data through the application development project. That is, the development project on the data application device side obtains the desensitized data provided by the corresponding production project on the data application device side and processes it. Continuing the example above, Company C's development project in the data development platform develops on the desensitized version of Company C's real data provided by Company C's production project. Thus, in the joint development by Companies A and C, Company C can process both parties' desensitized data together while the security of the real data in circulation remains assured.
Preferably, FIG. 4 shows a flowchart of a method for data processing implemented by the data providing device side and the data application device side in cooperation, according to another preferred example of the present application. The data providing device side includes step S11, step S12 and step S13; the data application device side includes step S21, step S22, step S23 and step S24.
Specifically, in step S11 the data processing device desensitizes the production data in the production project to obtain corresponding desensitized data; in step S12 the data processing device performs development authorization processing, through the development project, on the application development project in the corresponding data application device; in step S13 the data processing device sends the desensitized data to the application development project via the development project according to the result information of the development authorization processing; in step S21 the data processing device acquires, through the application development project, the desensitized data from the development project in the data providing device, where the desensitized data is obtained by desensitizing the production data of the production project in the data providing device; in step S22 the data processing device processes the desensitized data through the application development project; in step S23 the data processing device provides the processing result of the desensitized data in the application development project to the application production project; in step S24 the data processing device publishes the processing result through the application production project.
Here, steps S11, S12, S13, S21 and S22 are the same as or similar to steps S11, S12, S13, S21 and S22 in FIG. 3 and are not described again.
On the data application device side, in step S23 the data processing device provides the processing result of the desensitized data in the application development project to the application production project. That is, the result of processing, in the development project on the data application device side, the desensitized data provided by the data providing device side is returned to the production project controlled by the data application device side. The processing result of the desensitized data includes, but is not limited to, software code developed on the desensitized data, plotted data trend charts, and the like. The ways of returning the processing result include, but are not limited to, the back-end system of the data development platform, or sending and receiving over a secure channel established between computer devices, such as SFTP. Continuing the example above, after Company C's developers finish developing the application's software code with a development account in the development project, based on the desensitized data, they send the code through the data development platform to Company C's production project, so that Company C can uniformly review or evaluate the results of the joint development, which further safeguards the data and the data processing results.
Next, in step S24 the data processing device publishes the processing result through the application production project. That is, after the data application device side receives the returned processing result of the desensitized data in the production project, it verifies the code or program performance of the processing result against real data, or outputs it externally, without being limited to these. Publishing the processing result means verifying it with the data processing result, or running it in production on real production data after the data application device side has obtained authorization from the production project of the data providing device side. Continuing the example above, Company C publishes, in its production project on the data development platform, the returned program code developed on Company A's desensitized data, and its production account uses the real data authorized by Company A to carry out software program testing on what was published. Publishing the processing result in the production space means that the result is post-processed or verified inside the data provider's secure environment. In the course of Companies A and C jointly processing data, the development project authorizes the development project, so that Company C's development account can read Company A's desensitized data. Data permissions are thus protected and granted in a targeted way during development, which improves the security of the data processing results.
Preferably, the data providing device side further includes step S14 (not shown), for performing production authorization processing on the application production project in the data application device through the production project, and step S15 (not shown), for sending the production data to the application production project via the production project according to the result information of the production authorization processing. The data application device side further includes step S26 (not shown), for acquiring, through the application production project, the production data of the production project in the data providing device.
Specifically, in step S14 the data processing device performs production authorization processing on the application production project in the data application device through the production project. That is, the production project controlled by the data providing device side authorizes the production project on the data application device side, for example by authorizing an account to read data. The ways of authorizing include, but are not limited to, the production project management account on the data providing device side using inter-table access control or similar means so that the management account of the production space on the data application device side can read the production data on the data providing device side. Continuing the example above, the production account of the production project in the project space controlled by Company A authorizes the production account of the production project in the project space controlled by Company C, giving it permission to read the real production data, which completes the authorization.
Next, in step S15 the data processing device sends the production data to the application production project via the production project according to the result information of the production authorization processing. That is, the production data is sent to the production project controlled by the data application device side according to the authorization information of the data providing device side. Continuing the example above, in the data development platform, after Company A authorizes the production project created and managed by Company C, Company A's authorized production data is sent to Company C's production project, or the production account in Company C's production project obtains read permission on Company A's production data and reads it.
Next, in step S26 the data processing device acquires, through the application production project, the production data of the production project in the data providing device, and in step S23 the processing result is executed in the application production project according to the production data. That is, after the data application device side obtains the production data of the data providing device side according to the authorization, and after the production project it controls obtains the processing result derived from the desensitized data of the data providing device side, the processing result is verified or executed with the production data of the data providing device side. The ways of executing include, but are not limited to, verifying code or program performance against real data, or external output. Continuing the example above, in the data development platform Company C uses its production account, in the production project it controls, to test the published software code derived from Company A's desensitized data, or tests the software with the production data that Company A provides to Company C. Production data therefore circulates only in the production project environments of Companies A and C, and desensitized data circulates only in their development environments. This ensures that in joint data development and processing, the real data is visible only to the business side while the development side sees only desensitized data, which improves data security in non-confidential exchanges.
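The separation described in steps S11 to S15 and S26 can be modelled in a few lines. The following is an added example, not code from the patent: the `Project` and `Account` classes, the masking rule (keyed hash for the identifier, partial masking for the phone number) and the sample row are all assumptions chosen for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumption: a secret held only by the data provider (Company A).
MASK_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class Account:
    company: str
    kind: str  # "development" or "production"


@dataclass
class Project:
    company: str
    kind: str  # "development" or "production"
    rows: list = field(default_factory=list)
    grants: set = field(default_factory=set)

    def grant(self, account):
        # Development projects authorize development accounts and production
        # projects authorize production accounts; a cross grant is refused.
        if account.kind != self.kind:
            raise PermissionError(
                f"{self.kind} project cannot authorize a {account.kind} account")
        self.grants.add(account)

    def read(self, account):
        own = account.company == self.company and account.kind == self.kind
        if not own and account not in self.grants:
            raise PermissionError(
                f"{account.company}/{account.kind} may not read "
                f"{self.company}/{self.kind}")
        return [dict(r) for r in self.rows]  # copies, so callers cannot edit in place


def desensitize(row):
    # Hypothetical masking rule: pseudonymize the identifier with a keyed hash,
    # hide the middle of the phone number, keep the non-sensitive amount.
    token = hmac.new(MASK_KEY, row["user_id"].encode(), hashlib.sha256).hexdigest()[:12]
    phone = row["phone"][:3] + "****" + row["phone"][-4:]
    return {"user_id": token, "phone": phone, "amount": row["amount"]}


def run_exchange():
    # Constructed sample data standing in for Company A's production data.
    a_prod = Project("A", "production", rows=[
        {"user_id": "u-1001", "phone": "13812345678", "amount": 42}])
    a_dev = Project("A", "development")
    a_prod_acct = Account("A", "production")
    c_dev, c_prod = Account("C", "development"), Account("C", "production")

    # S11: desensitize inside A's production project, hand the result to A's dev project.
    a_dev.rows = [desensitize(r) for r in a_prod.read(a_prod_acct)]
    # S12: A's development project authorizes C's development account.
    a_dev.grant(c_dev)
    # S13 / S21: C's development account reads the desensitized data.
    masked = a_dev.read(c_dev)

    # C's development account must not reach production data, by read or by grant.
    try:
        a_prod.read(c_dev)
        dev_saw_production = True
    except PermissionError:
        dev_saw_production = False
    try:
        a_prod.grant(c_dev)
        cross_grant_allowed = True
    except PermissionError:
        cross_grant_allowed = False

    # S14: A's production project authorizes C's production account.
    a_prod.grant(c_prod)
    # S15 / S26: C's production account reads the real data for verification.
    real = a_prod.read(c_prod)
    return {"masked": masked, "real": real,
            "dev_saw_production": dev_saw_production,
            "cross_grant_allowed": cross_grant_allowed}


if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(key, value)
```

The check worth keeping from this model is the refusal in `grant`: if a production project could authorize a development account, the read path alone would no longer keep real data out of the development environment.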
The following describes the case in which entrusting a third-party platform secures the exchange and processing of confidential data between different business parties. When the exchange between the two parties involves confidential data, the business party providing the data entrusts it to a secure third party trusted by both, and the business party processing the data authorizes its developers to be added to the third party for data processing, so that the confidential data is usable but not copyable within a securely controlled environment. The details are as follows.
FIG. 5 shows a flowchart of a method for implementing data processing, implemented by the data providing device side, the data application device side and the platform device side in cooperation, according to another aspect of the present application. The data providing device side includes step S11 and step S12; the data application device side includes step S21; the platform device side includes step S31, step S32 and step S33.
Specifically, in step S11 the data processing device desensitizes the production data in the data providing device to obtain corresponding desensitized data; in step S12 the data processing device sends the desensitized data to the corresponding platform device for processing by the corresponding data application device; in step S31 the data processing device acquires the desensitized data from the data providing device, where the desensitized data is obtained by desensitizing the production data in the data providing device; in step S21 the data processing device configures the platform device to process the desensitized data, where the desensitized data is obtained by desensitizing the production data in the data providing device; in step S32 the data processing device configures the platform device according to the corresponding data application device; in step S33 the data processing device processes the desensitized data through the configured platform device.
In step S11 the data processing device desensitizes the production data in the data providing device to obtain corresponding desensitized data. That is, the business party providing the data conceals the key sensitive features of the real data on the data providing device side, obtaining data that retains the features the data user needs while hiding or eliminating the sensitive features that would cause security problems. Production data refers to real data containing key sensitive features. Desensitization methods include, but are not limited to, performing the desensitization directly in the data development platform or doing it by manual screening. For example, Company A and Company D jointly develop on a certain kind of data. Company A's data contains sensitive confidential content that Company D should not see, but Company D needs to use Company A's data during development, so the two parties entrust a mutually trusted third-party platform with the circulation and processing of the data. Before the data is placed in the third-party platform, to safeguard Company A's data, the real data, that is, the production data, is first desensitized in the secure environment managed by Company A, which improves the security of the data in circulation.
Next, in step S12 the data processing device sends the desensitized data to the corresponding platform device for processing by the corresponding data application device. That is, the data providing device side sends the desensitized data to the device side of a third-party data processing platform jointly trusted by the business parties represented by the data processing device side and the data providing device side, so that the data application device side can process the data in the third-party platform. The corresponding platform device refers to a third-party data processing platform trusted by both business parties that need to circulate data, for example a jointly created data processing space or platform project in which the relevant data processing permissions can be controlled, without being limited to this. Continuing the example above, in the data development platform Companies A and D jointly entrust a third party to act as controller and arbiter of the exchange; the third party supervises a project space and applies security settings to it, and Company A sends the desensitized data to the project space controlled by the third party for Company D to process there. Here, the desensitized data may be sent directly in the background through the data development platform or transmitted using a protocol for the secure transfer of encrypted files, without being limited to these.
Next, in step S31 the data processing device acquires the desensitized data from the data providing device, where the desensitized data is obtained by desensitizing the production data in the data providing device. Here, the platform device side, as a secure environment controlled by a third party trusted by both the data providing device side and the data application device side, receives the desensitized data of the data providing device side, or acquires it under certain permissions, so that the data application device side can process it. Continuing the example above, the project space created by the third party in the data platform reads or receives Company A's desensitized data by way of project-space package authorization, for example Company A's project space directly granting the third-party project space the permission to read the desensitized data.
Next, in step S21 the data processing device configures the platform device to process the desensitized data, where the desensitized data is obtained by desensitizing the production data in the data providing device. That is, the data application device side performs, on the platform device side, for example direct authorization of a development account or project-space package authorization, so that the data application device side can process the desensitized data within the secure environment controlled by the platform device side. Continuing the example above, Company D performs authorization for the project space controlled by the third party in the data development platform, so that Company D's developers can process the data in the third-party project space. The platform device may be configured by directly authorizing the project space controlled by the platform, or by authorizing a development-related account in the platform so that the data application device side can process data through that account, without being limited to these.
Next, in step S32 the data processing device configures the platform device according to the corresponding data application device. That is, the platform device side applies settings according to the data application device side so that the data application device side can process the desensitized data within the secure environment controlled by the platform device. The ways of configuring the platform device according to the corresponding data application device include, but are not limited to, authorizing the development account of the data application device side to process data in the project space controlled by the platform device, or the data application device side directly authorizing the platform device side. Configuring the platform device lets the data application device side process the desensitized data within a securely controlled environment when confidential data is exchanged, which improves the protection of the confidential data.
Those skilled in the art should understand that the above ways of configuring the platform device are only examples. Other existing or future ways of configuring the platform device, if applicable to the present application, should also fall within the scope of protection of the present application and are incorporated herein by reference.
Next, in step S33 the data processing device processes the desensitized data through the configured platform device. That is, in the third-party secure environment controlled by the platform device, the data application device side processes the desensitized data according to the permissions configured on the platform device side. Continuing the example above, after Companies A and D authorize the third-party project space in the data development platform, Company D's developers are added to the third-party project space to process the data. The data application device side can thus use the confidential data of the data providing device side while being unable to copy the confidential data in the securely controlled third-party environment, which improves the security of confidential data during use and processing.
Preferably, FIG. 6 shows a schematic diagram of the platform device side method in a method for implementing data processing, implemented by the data providing device side, the data application device side and the platform device side in cooperation, according to another preferred example of the present application. The platform device side includes step S34, step S31, step S32 and step S33.
Specifically, in step S34 the data processing device creates a project in the platform device; in step S31 the data processing device acquires, through the project, the desensitized data from the data providing device, where the desensitized data is obtained by desensitizing the production data in the data providing device; in step S32 the data processing device configures the project according to the corresponding data application device; in step S33 the data processing device processes the desensitized data through the configured project.
In step S34 the data processing device creates a project in the platform device. That is, a secure space for data circulation and processing is created in the platform device trusted by both the data providing device side and the data application device side, so that confidential data is protected within the secure project space. Continuing the example above, in the data development platform Companies A and D jointly entrust the data development platform operator, or a third party trusted by both, to create a secure project space in the data development platform, so that Companies A and D can process and share data in that project space.
Those skilled in the art should understand that the above ways of creating a project in the platform device are only examples. Other existing or future ways of creating a project in the platform device, if applicable to the present application, should also fall within the scope of protection of the present application and are incorporated herein by reference.
Next, in step S31 the data processing device acquires, through the project, the desensitized data from the data providing device, where the desensitized data is obtained by desensitizing the production data in the data providing device. Here, the project space created on the platform device side obtains the desensitized data on the data providing device side by being directly authorized by the project space of the data providing device side. Continuing the example above, Company A authorizes the third-party project space in the data development platform so that the desensitized data can be accessed only in the third-party project space, which limits the range in which the confidential data circulates and is processed and so improves data security.
Next, in step S32 the data processing device configures the project according to the corresponding data application device. That is, the platform device side sets up the project space according to the authorization of the data application device side. Continuing the example above, the third-party project space obtains authorization from Company D's project space, and Company D's developers are added in the third-party project space, so that they can process Company A's desensitized data there.
Next, in step S33 the data processing device processes the desensitized data through the configured project. That is, once configured, the developers or accounts of the data application device side process the desensitized data provided by the data providing device side in the secure project space controlled by the platform device side. Continuing the example above, after Company D obtains authorization in the data development platform or adds its developers to the third-party project space, it processes, in the third-party project space, the desensitized version of the confidential data provided by Company A. The circulation of confidential data is thereby confined to the project space, which further improves its security.
Preferably, FIG. 7 shows a flowchart of a method for implementing data processing, implemented by the data providing device side, the data application device side and the platform device side in cooperation, according to another preferred example of the present application. The data providing device side includes step S11, step S13 and step S12; the data application device side includes step S21; the platform device side includes step S34, step S35, step S31, step S32, step S33, step S36 and step S37.
Specifically, in step S34 the data processing device creates a project in the platform device; in step S11 the data processing device desensitizes production data in the data providing device to obtain the corresponding desensitized data; in step S13 the data processing device performs authorization processing on the project in the platform device; in step S35 the data processing device acquires the authorization information of the data providing device and the data application device for the project; in step S12 the data processing device sends the desensitized data to the corresponding platform device for processing by the corresponding data application device; in step S31 the data processing device acquires, according to the authorization information, the desensitized data from the data providing device through the project, wherein the desensitized data is obtained by desensitizing production data in the data providing device; in step S21 the data processing device configures the platform device to process the desensitized data, wherein the desensitized data is obtained by desensitizing production data in the data providing device; in step S32 the data processing device configures the project according to the corresponding data application device; in step S33 the data processing device processes the desensitized data through the configured project; in step S36 the data processing device provides the processing result of the desensitized data in the application development project to the application production project; in step S37 the data processing device publishes, through the production project, the processing result of the desensitized data in the development project.
Here, steps S11, S12 and S21 are the same as or similar to steps S11, S12 and S21 in FIG. 5 and are not described again. Step S34 is the same as or similar to step S34 in FIG. 6 and is not described again.
The platform authorization device 713 in the data providing device side performing authorization processing on the project in the platform device means that the data providing device side authorizes the project space controlled by the trusted platform device. The authorization may be performed by having the project in the data providing device side directly grant a package authorization to the platform device project, so that the confidential data provided by the data providing device side can be acquired by the project of the platform device. Continuing the example above, in the data development platform Company A's project space grants a package authorization to the third-party project space, so that accounts of the third-party project space can read the desensitized data, or the third-party project space has permission to receive the desensitized data.
Next, in step S35, the data processing device acquiring the authorization information of the data providing device and the data application device for the project means that the platform device side receives the authorizations from the projects of the data providing device side and the data application device side, so that confidential data circulates and is processed in a mutually trusted secure environment. Continuing the example above, in the data development platform the project spaces of Company A and Company D grant package authorization to the third-party project space, so that Company A's desensitized data can circulate in the third-party project space and Company D's developers can develop against Company A's desensitized data in the third-party space. Authorizing the project on the platform device side lets data circulate and be processed in a secure, controllable environment, which improves data security.
Further, in step S31 the data processing device acquires, according to the authorization information, the desensitized data from the data providing device through the project, wherein the desensitized data is obtained by desensitizing production data in the data providing device. That is, the project on the platform device side acquires the desensitized data according to the authorization from the data providing device side. The manner of acquisition includes, but is not limited to, reading the desensitized data within the permissions granted to the project. Continuing the example above, in the data development platform Company A grants the third-party project permissions such as reading and copying the desensitized data of its confidential data, so that the third-party project acquires Company A's desensitized data.
Preferably, the projects in the data providing device, the data application device and the platform device include a production project and a development project. The production project is the project space in which real data is processed and is controlled by each business party; the development project is the project space in which developers process desensitized data and is used by the development accounts assigned by the business party.
Accordingly, in step S35 the data processing device is further configured to acquire the authorization information of the data providing device and the data application device for the production project. That is, the production projects of the data development device side and the data application device side grant package authorization to the production project in the mutually trusted platform device side, so that the real data to be processed, within the scope both parties permit, can be shared in a secure production project environment. Continuing the example above, Company A and Company D authorize the production project of the third-party project in the data development platform, and after obtaining authorization the third-party project obtains the real data that the two business parties need to jointly develop the software.
Next, in step S31 the data processing device is further configured to acquire, according to the authorization information, the desensitized data from the data providing device through the development project, wherein the desensitized data is obtained by desensitizing production data in the data providing device. Here, the data providing device side provides the desensitized data in the platform device to a development project that only developers of the data application device side can use. Continuing the example above, according to Company A's authorization of the third party for the data, the third party's development project obtains Company A's desensitized data, so that developers added to the third-party development project can process and use Company A's desensitized data through the development project. This ensures that the desensitized data can be used by Company D's developers in the third-party secure environment but, because that environment is controlled by the third party, cannot be copied or kept for other uses, which protects the confidential data.
Next, in step S32 the data processing device is further configured to configure the development project according to the corresponding data application device. That is, the platform device side, through configuration such as adding the development accounts of the data application device to the development project, enables the data application device side to process, in the platform device, the desensitized data provided by the data providing device. Continuing the example above, in the data development platform the development project space of the third party trusted by both Company A and Company D adds Company D's developer accounts to the third party's project space at Company D's request, and Company A's desensitized data is then processed.
Next, in step S33 the data processing device is further configured to process the desensitized data through the configured development project. That is, after the development accounts or personnel of the data application device side have been configured into the development project, the desensitized data provided by the data providing device is processed in the development project on the platform device side. Continuing the example above, in the data development platform Company D's developers or accounts are added to the third party's development project space and develop against Company A's desensitized data there. Because the environment is controlled by the third party, the desensitized data cannot be copied or kept for other uses, which protects the confidential data.
Next, in step S36 the data processing device provides the processing result of the desensitized data in the application development project to the application production project. Processing results of desensitized data include, but are not limited to, software code developed on the basis of the desensitized data and plotted data trend charts. The ways of returning the processing result include, but are not limited to, the back-end system of the data development platform, or sending and receiving over a secure channel such as SFTP established between computer devices. Continuing the example above, after Company D's developers have finished developing the application's software code with a development account in the third-party development project on the basis of the desensitized data, they send the code back to the production project through the data development platform, so that Company A can inspect or evaluate the data processing result in the third-party production project space, which further protects the data and the data processing result.
Next, in step S37 the data processing device publishes, through the production project, the processing result of the desensitized data in the development project. Publishing the processing result means verifying the data processing result, or putting it into production with real production data. Continuing the example above, in the production project Company A publishes on the data development platform the returned program code developed on the basis of desensitized data, and its production account uses real data in the third-party project space to test the software program on the published data. Publishing the data processing result in the third party's production space means the result is post-processed or verified within the data provider's secure environment, which improves the security of the data processing result.
Preferably, the data application device side further includes step S22 (not shown) for performing authorization processing on the project in the platform device. That is, while the data application device side uses and processes data from the data providing device side, if that data needs to be processed together with its own data, it can authorize the platform so that the platform obtains the confidential data of the data application device side or its desensitized data. Continuing the example above, when Company D develops software in the third-party development environment of the data development platform, it needs to combine its own confidential data with Company A's desensitized data for development or research. The project space controlled by Company D therefore authorizes the third-party platform project and provides the desensitized data of Company D's confidential data, so that when both business parties jointly use confidential data for processing, both parties' data is properly protected.
Further, the platform device side further includes step S38 (not shown) for acquiring, according to the authorization information, application-side desensitized data from the data application device through the development project, wherein the application-side desensitized data is obtained by desensitizing application-side production data in the data application device. Still further, in step S33 the data processing device is also configured to process the desensitized data and the application-side desensitized data through the configured development project. That is, the platform device side obtains the data application device's desensitized data according to that device's authorization, in ways including but not limited to the development project account of the platform device obtaining access to the development project of the data application device side, or the data application device side sending the desensitized data to the platform device side. Continuing the example above, Company D's development project authorizes the third party's development project, so that the desensitized data of Company D's confidential data can be processed by developers in the third-party development project, either alone or together with Company A's desensitized data. The confidential data of both parties is thereby shared within the third party, while the third party's security-controlled environment means that any output of data requires the permission of both parties, which protects the data.
The following describes the case in which permission control during data use makes the data provided by a business party usable but not visible during processing. That is, when a business party needs data to be processed, it hides and desensitizes the key features of the real data, provides the result to the data developer for processing, and finally handles the processing result. The details are as follows.
FIG. 8 shows a schematic diagram of a device for data processing according to another aspect of the present application. The data processing device includes a data desensitization device 111, a desensitized data sending device 112 and a desensitized data processing device 113.
Specifically, in the data processing device, the data desensitization device 111 desensitizes production data in a production project to obtain the corresponding desensitized data; the desensitized data sending device 112 sends the desensitized data to the corresponding development project; the desensitized data processing device 113 processes the desensitized data through the development project.
The data desensitization device 111 in the data processing device desensitizing production data in the production project to obtain the corresponding desensitized data means that the business party, within the secure environment it controls, hides the key sensitive features of the real data. The result is data that retains the features the data user needs while hiding or eliminating the sensitive features that would cause security problems. Production data is the real data that the business party needs processed. The production project is the secure environment controlled by the business party; the business party can create it and holds the related control permissions, such as permission to access data objects, user management and authorization permissions, and resource creation. For example, if business party Company A needs Research Institute B to develop software against the data of some application, it can create a production project in a data development platform that both parties can use. The account that created it is the owner of the production project; it can access all resources in the production project, authorize users or accounts, and set the production project's security settings. The owner can assign a production account that has all permissions except security settings, so that the production account can desensitize the real data with which Company A develops the application software. Desensitizing the real data in the secure environment controlled by the business party hides the key security information of the data and so improves data security.
Those skilled in the art should understand that the above manner of obtaining desensitized data is only an example; other existing or future manners of obtaining desensitized data, if applicable to the present application, shall also fall within the scope of protection of the present application and are incorporated herein by reference.
Next, the desensitized data sending device 112 sending the desensitized data to the corresponding development project means sending the desensitized data, in a secure manner such as through a mutually trusted data development platform, into the secure environment controlled by the party that uses and processes the data. The development project is the secure environment, trusted by the data provider, in which the data processor processes the data. Continuing the example above, when Company A needs software development to be carried out against the data of an application, it creates the corresponding development project in the data development platform at the same time as the production project, and grants the development-related permissions in the development project, such as permission to create tables, functions and resources, to the development account of Research Institute B, so that the desensitized data can be sent directly from the production project to the development project via the data development platform. The ways of sending the desensitized data include, but are not limited to, the back-end system of the data development platform, or sending and receiving over a secure channel such as SFTP established between computer devices. Sending the desensitized data into a secure development project environment trusted by the data-providing business party improves security and controllability during data development.
Next, the desensitized data processing device 113 processing the desensitized data through the development project means that the data processor processes the desensitized data in the secure development project environment, for example by software development or data charting, but is not limited to these. The accounts or roles that process desensitized data in the development project are assigned, or created and authorized, by the business party that provides the data. Continuing the example above, the owner with which Company A created the production project and the development project assigns Research Institute B or Company A's own personnel as administrator of the development project. The administrator has access to all objects in the development project and can manage and authorize users or roles, for example by assigning development accounts to Research Institute B's data developers. A development account has permission to create tables or functions and can thus develop against the desensitized data provided by Company A. This facilitates secure management of development accounts and makes the real data usable by, but not visible to, the development accounts.
Those skilled in the art should understand that the above manner of processing desensitized data in the development project is only an example; other existing or future manners of processing desensitized data in a development project, if applicable to the present application, shall also fall within the scope of protection of the present application and are incorporated herein by reference.
Preferably, FIG. 9 shows a schematic diagram of a device for data processing according to another preferred example of the present application. The data processing device includes a data desensitization device 211, a desensitized data sending device 212, a desensitized data processing device 213, a data processing result providing device 214 and a data processing result publishing device 215.
Specifically, in the data processing device, the data desensitization device 211 desensitizes production data in a production project to obtain the corresponding desensitized data; the desensitized data sending device 212 sends the desensitized data to the corresponding development project; the desensitized data processing device 213 processes the desensitized data through the development project; the data processing result providing device 214 returns the processing result of the desensitized data in the development project to the production project; the data processing result publishing device 215 publishes the processing result through the production project.
Here, the data desensitization device 211 and the desensitized data processing device 213 are the same as or similar to the data desensitization device 111 and the desensitized data processing device 113 in FIG. 8 and are not described again.
The data processing result providing device 214 in the data processing device returning the processing result of the desensitized data in the development project to the production project means that the result of processing the desensitized data in the development project is returned to the production project controlled by the data-providing business party. Processing results of desensitized data include, but are not limited to, software code developed on the basis of the desensitized data and plotted data trend charts. The ways of returning the processing result include, but are not limited to, the back-end system of the data development platform, or sending and receiving over a secure channel such as SFTP established between computer devices. Continuing the example above, after Research Institute B's developers have finished developing the application's software code with a development account in the development project on the basis of the desensitized data, they send the code back to the production project through the data development platform, so that Company A can inspect or evaluate the data processing result, which further protects the data and the data processing result.
Next, the data processing result publishing device 215 publishing the processing result through the production project means that, after receiving the returned desensitized-data processing result in the production project, the business party providing the data verifies the code or program performance of the data processing result with real data, or outputs it externally, but is not limited to these. Publishing the processing result means verifying the data processing result, or putting it into production with real production data. Continuing the example above, in the production project Company A publishes on the data development platform the returned program code developed on the basis of desensitized data, and its production account uses real data to test the software program on the published data. Publishing the data processing result in the production space means the result is post-processed or verified within the data provider's secure environment, which improves the security of the data processing result.
Preferably, the data processing device further includes a desensitized data permission setting device 216 (not shown) for setting permission information of the development project with respect to the desensitized data. That is, after the production project has desensitized the real data, the same desensitized data may have more than one data processing use, for example software development or data analysis. Different uses use the data differently, so setting different permission information gives development different usage and processing permissions over the desensitized data. Continuing the example above, the permissions set on Company A's desensitized data are read, create and so on for software development, and read-only for data analysis. Setting the development project's permissions over the desensitized data makes use of the data more secure and avoids data security problems caused by excessive developer permissions. Further, the desensitized data sending device 212 sending the desensitized data to the development project according to the permission information means selectively sending desensitized data to the development project according to the different permissions over the desensitized data that are opened to the development project. For example, for a data analysis covering a particular month, Company A sends only that month's desensitized data, whereas the desensitized data needed for developing software covers a year or a quarter. This makes the sending of desensitized data more targeted and gives better security control over the data.
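The permission setting and permission-driven sending described above can be sketched as follows. This is an added example, not code from the patent: `PermissionInfo`, `DevelopmentProject`, `send_desensitized` and the sample rows are hypothetical, and HMAC tokenisation of the user identifier is an assumed desensitization method, since the patent does not specify one.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date

# Constructed sample production data; the patent gives no concrete records.
PRODUCTION_ROWS = [
    {"user_id": "u1001", "phone": "13800001111", "amount": 120, "day": date(2015, 1, 15)},
    {"user_id": "u1002", "phone": "13900002222", "amount": 75, "day": date(2015, 1, 28)},
    {"user_id": "u1001", "phone": "13800001111", "amount": 40, "day": date(2015, 2, 3)},
    {"user_id": "u1003", "phone": "13700003333", "amount": 310, "day": date(2015, 7, 9)},
]

# Assumption: the masking key never leaves the production project.
MASK_KEY = b"constructed-demo-key"


def desensitize(row):
    """Hide identifying features; keep the ones development needs."""
    token = hmac.new(MASK_KEY, row["user_id"].encode(), hashlib.sha256).hexdigest()[:12]
    # The phone number is dropped; the token still lets rows of one user be joined.
    return {"user_token": token, "amount": row["amount"], "day": row["day"]}


@dataclass(frozen=True)
class PermissionInfo:
    """Permission information of the development project for one use of the data."""
    purpose: str
    actions: frozenset  # for example {"read"} or {"read", "create"}
    start: date         # first day of data this purpose may receive
    end: date           # last day (inclusive)


class DevelopmentProject:
    """Project space that only ever holds desensitized rows."""

    def __init__(self):
        self._tables = {}   # purpose -> (PermissionInfo, rows)
        self.created = {}   # tables created by development accounts

    def load(self, perm, rows):
        self._tables[perm.purpose] = (perm, rows)

    def _require(self, purpose, action):
        if purpose not in self._tables:
            raise PermissionError(f"no data was sent for purpose {purpose!r}")
        perm, _ = self._tables[purpose]
        if action not in perm.actions:
            raise PermissionError(f"{action!r} is not granted for {purpose!r}")

    def read(self, purpose):
        self._require(purpose, "read")
        return [dict(r) for r in self._tables[purpose][1]]

    def create_table(self, purpose, name, rows):
        self._require(purpose, "create")
        self.created[name] = list(rows)
        return name


def send_desensitized(production_rows, perm, project):
    """Send only the rows inside the permitted window, desensitized first."""
    selected = [desensitize(r) for r in production_rows
                if perm.start <= r["day"] <= perm.end]
    project.load(perm, selected)
    return len(selected)


# One month, read-only, for analysis; a full year, read and create, for software development.
ANALYSIS = PermissionInfo("analysis", frozenset({"read"}),
                          date(2015, 1, 1), date(2015, 1, 31))
SOFTWARE_DEV = PermissionInfo("software_dev", frozenset({"read", "create"}),
                              date(2015, 1, 1), date(2015, 12, 31))


def run_demo():
    project = DevelopmentProject()
    sent = {p.purpose: send_desensitized(PRODUCTION_ROWS, p, project)
            for p in (ANALYSIS, SOFTWARE_DEV)}
    try:
        project.create_table("analysis", "scratch", project.read("analysis"))
        analysis_create_denied = False
    except PermissionError:
        analysis_create_denied = True
    created = project.create_table("software_dev", "totals", project.read("software_dev"))
    return sent, analysis_create_denied, created


if __name__ == "__main__":
    print(run_demo())
```
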
The following describes the case in which authorization allows non-confidential data to circulate securely between different business parties during exchange while likewise remaining usable but not visible. That is, when different business parties need to exchange and process non-confidential data, the business party providing the data hides and desensitizes the key features of the real data on the data providing device side, provides the result to the other business party's data developers for processing on the data application device side, and finally handles the processing result. The details are as follows.
FIG. 10 shows a schematic diagram of a device for data processing implemented jointly by a data providing device side and a data application device side according to another aspect of the present application. The data providing device side includes a data desensitization device 311, a development authorization device 312 and a desensitized data sending device 313; the data application device side includes a desensitized data acquiring device 321 and a desensitized data processing device 322.
Specifically, the data desensitization device 311 desensitizes production data in a production project to obtain the corresponding desensitized data; the development authorization device 312 performs, through the development project, development authorization processing on the application development project in the corresponding data application device; the desensitized data sending device 313 sends the desensitized data to the application development project via the development project according to the result information of the development authorization processing; the desensitized data acquiring device 321 acquires, through the application development project, the desensitized data from the development project in the data providing device, wherein the desensitized data is obtained by desensitizing the production data of the production project in the data providing device; the desensitized data processing device 322 processes the desensitized data through the application development project.
That the data desensitization device 311 desensitizes the production data in the production project to obtain corresponding desensitized data means that the business party providing the data, that is, the data providing device end, conceals the key sensitive features of the real data within the secure environment it controls. The result is data that retains the features the data user needs while concealing or eliminating the sensitive features that would cause security problems. Here, the production project is the secure environment controlled by the business party providing the data. Continuing the example above, Company A also cooperates with Company C to jointly develop an application: Company A provides the key data for the software development and is responsible for part of the development, while Company C is responsible for the software development. In the data development platform, Company A therefore creates a project space for this application, which is the data providing device end, and the production project within it is the secure environment in which Company A processes its real, critical data. The owner who created Company A's project space assigns the company's production account, and this production account holds all permissions in the production project except security settings. Before Company A provides any data, the data is desensitized in the production project, so that its key security information is concealed and the protection of the data is improved.
Next, that the development authorization device 312 performs development authorization processing, through the development project, on the application development project in the corresponding data application device means the following. The data providing device end and the data application device end each have both a production project and a corresponding development project. Because production data is real data, it should not, from a security standpoint, be sent directly to a different business party. After desensitization, the desensitized data is therefore sent to the development project of the same project space, and the development project of the data application device end must obtain authorization from the business party represented by the data providing device end before using that desensitized data. The authorization methods include authorizing the development project of the data application device end, so that the data can be sent through the data development platform or through SFTP or another secure file transfer method, without being limited to these, or authorizing the development account in the development project of the data application device end, so that the development account can directly read the desensitized data in the development project of the data providing device end. Continuing the example above, when Company C needs Company A's data for software development, it submits a request in the data development platform for the corresponding desensitized data in the development project controlled by Company A. Company A then authorizes the development account in Company C's development project by means of ACL authorization between tables in the data development platform, so that the desensitized data can circulate securely within the development environment.
Those skilled in the art should understand that the above manner of development authorization in a development project is only an example. Other existing or future manners of development authorization in a development project, where applicable to the present application, should also be included within the scope of protection of the present application and are incorporated herein by reference.
Next, that the desensitized data sending device 313 sends the desensitized data to the application development project via the development project according to the result information of the development authorization processing means that, once the development project of the data application device end has been authorized, the data providing device end sends the desensitized data in the development project it controls to the development project of the data application device end. The sending methods include, but are not limited to, sending through the data development platform, having the development account in the development project of the data application device end read the data directly according to the authorization, or using SFTP or another secure file transfer method. Continuing the example above, after Company A authorizes Company C's development account through the development project of the data providing device end, the account reads the desensitized data according to its permissions. The desensitized data is thus visible while the production data is not, which protects the real data during the exchange.
Next, the desensitized data acquisition device 321 acquires, through the application development project, the desensitized data from the development project in the data providing device, where the desensitized data is obtained by desensitizing the production data of the production project in the data providing device. That is, as described above, once authorized, the data application device end obtains, according to the authorization, the desensitized data provided by the development project of the data providing device. Continuing the example above, the development account in the development project of the project space created and controlled by Company C reads the desensitized data according to its permissions after being authorized.
Those skilled in the art should understand that the above manner of acquiring the desensitized data of the data providing device end is only an example. Other existing or future manners of acquiring the desensitized data of the data providing device end, where applicable to the present application, should also be included within the scope of protection of the present application and are incorporated herein by reference.
Next, that the desensitized data processing device 322 processes the desensitized data through the application development project means that the development project controlled by the data application device end processes the desensitized data after acquiring it from the data providing device end. The application development project is the data development environment controlled by the data application device end. The business party to which the data application device end belongs controls the development permissions within it, and thereby effectively supervises the secure circulation of the data. Continuing the example above, in the data development platform, the project space belonging to Company C uses Company C's authorized development account in the development space to develop against the desensitized data read from Company A. As a result, when the business parties exchange and process non-confidential data, the desensitized data is visible while the real data is not.
Preferably, the data application device end further includes a data desensitization device 325 (not shown), configured to desensitize the application production data in the application production project to obtain corresponding application desensitized data. That is, in the production project controlled by the data application device end, the production data of the data application device end can be desensitized to obtain the desensitized data of the data application device end. Continuing the example above, Company A and Company C develop software jointly, and Company C, while developing against Company A's desensitized data, also draws on its own real production data. The data is therefore desensitized in Company C's production project, which Company C controls in the data development platform, to obtain Company C's desensitized data. Further, the desensitized data processing device 322 is also configured to process the desensitized data and the application desensitized data through the application development project. That is, the development project of the data application device end obtains the desensitized data provided by the corresponding production project of the data application device end and processes it. Continuing the example above, Company C's development project in the data development platform develops against the desensitized version of Company C's real data provided by Company C's production project. In the joint development by Companies A and C, Company C can thus process the desensitized data of both parties together, while the security of the real data during circulation is ensured.
Preferably, FIG. 11 shows a schematic diagram of a device for performing data processing, implemented jointly by a data providing device end and a data application device end according to another preferred example of the present application. The data providing device end includes a data desensitization device 411, a development authorization device 412, and a desensitized data sending device 413; the data application device end includes a desensitized data acquisition device 421, a desensitized data processing device 422, a data processing result providing device 423, and a data processing result publishing device 424.
Specifically, the data desensitization device 411 desensitizes the production data in the production project to obtain corresponding desensitized data; the development authorization device 412 performs development authorization processing, through the development project, on the application development project in the corresponding data application device; the desensitized data sending device 413 sends the desensitized data to the application development project via the development project according to the result information of the development authorization processing; the desensitized data acquisition device 421 acquires, through the application development project, the desensitized data from the development project in the data providing device, where the desensitized data is obtained by desensitizing the production data of the production project in the data providing device; the desensitized data processing device 422 processes the desensitized data through the application development project; the data processing result providing device 423 provides the processing result of the desensitized data in the application development project to the application production project; and the data processing result publishing device 424 publishes the processing result through the application production project.
Here, the data desensitization device 411, the development authorization device 412, the desensitized data sending device 413, the desensitized data acquisition device 421, and the desensitized data processing device 422 are the same as or similar to the data desensitization device 311, the development authorization device 312, the desensitized data sending device 313, the desensitized data acquisition device 321, and the desensitized data processing device 322 in FIG. 10, and are not described again.
That the data processing result providing device 423 in the data application device end provides the processing result of the desensitized data in the application development project to the application production project means that the result of processing, in the development project of the data application device end, the desensitized data provided by the data providing device end is returned to the production project controlled by the data application device end. The processing results of the desensitized data include, but are not limited to, software code developed on the basis of the desensitized data, plotted data trend charts, and the like. The ways of returning the processing results include, but are not limited to, the back-end system of the data development platform, or sending and receiving over a secure channel established between computer devices, such as SFTP. Continuing the example above, once Company C's developers have finished developing the application's software code against the desensitized data, using the development account in the development project, they send the code through the data development platform to Company C's production project. Company C can then review or evaluate the results of the jointly developed data processing in one place, which further ensures the security of the data and of the data processing results.
Next, that the data processing result publishing device 424 publishes the processing result through the application production project means that, after receiving the returned processing result of the desensitized data in the production project, the data application device end verifies the code or program performance of that result against real data, or outputs it externally, without being limited to these. Publishing the processing result thus means verifying it by use of the data processing result, or putting it into production on real production data once the data application device end has obtained authorization from the production project of the data providing device end. Continuing the example above, Company C publishes, in its production project on the data development platform, the returned program code developed against Company A's desensitized data, and its production account uses the real data authorized by Company A to test the published software program. Publishing the data processing result in the production space means that the result is post-processed or verified within the data provider's secure environment. While Companies A and C process data jointly, development project authorizes development project, so that Company C's development account can read Company A's desensitized data. Data permissions are thereby protected and opened up in a targeted way during development, which improves the security of the data processing results.
Preferably, the data providing device end further includes a production authorization device 414 (not shown), configured to perform production authorization processing, through the production project, on the application production project in the data application device, and a production data sending device 415 (not shown), configured to send the production data to the application production project via the production project according to the result information of the production authorization processing. The data application device end further includes a production data acquisition device 426 (not shown), configured to acquire, through the application production project, the production data of the production project in the data providing device.
Specifically, that the production authorization device 414 (not shown) performs production authorization processing, through the production project, on the application production project in the data application device means that the production project controlled by the data providing device end authorizes the production project of the data application device end, for example by authorizing an account to read the data. The authorization methods include, but are not limited to, the production project management account in the data providing device end using inter-table access control or similar means so that the management account of the production space of the data application device end can read the production data in the data providing device end. Continuing the example above, the production account of the production project in the project space controlled by Company A authorizes the production account of the production project in the project space controlled by Company C, giving it permission to read the real production data and thereby completing the authorization.
Next, that the production data sending device 415 (not shown) sends the production data to the application production project via the production project according to the result information of the production authorization processing means that the production data is sent to the production project controlled by the data application device end according to the authorization information of the data providing device end. Continuing the example above, in the data development platform, after Company A authorizes the production project created and managed by Company C, Company A's authorized production data is sent to Company C's production project, or the production account in Company C's production project obtains read permission on Company A's production data and reads it.
Next, the production data acquisition device 426 (not shown) is configured to acquire, through the application production project, the production data of the production project in the data providing device. That the data processing result publishing device 423 executes the processing result in the application production project according to the production data means the following: after the data application device end has obtained the production data of the data providing device end according to the authorization, and after the production project it controls has received the processing result derived from the desensitized data of the data providing device end, the processing result is verified or executed using the production data of the data providing device end. The ways of executing include, but are not limited to, verifying code or program performance against real data, or external output. Continuing the example above, in the data development platform, Company C uses its production account, in the production project it controls, to test the published software code derived from Company A's desensitized data, or tests the software using the production data that Company A has provided to Company C. Production data therefore circulates only within the production project environments of Companies A and C, and desensitized data circulates only within their development environments. This ensures that, when data is developed and processed jointly, the real data is visible only to the business party while the developers see only desensitized data, which improves the security of the data during non-confidential exchange.
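The two authorization paths described above (development project to development project for desensitized data, production project to production project for production data) can be modeled as follows. This is an added Python example, not part of the patent text; the `Project` class, the like-to-like grant check, the HMAC pseudonym and phone-masking rules, and the sample rows are all constructed assumptions.

```python
import hashlib
import hmac

MASK_KEY = b"constructed-demo-key"  # assumption: the key stays inside A's production project

# Constructed sample production data for Company A.
A_ORDERS = [
    {"user": "alice", "phone": "13800001234", "amount": 120},
    {"user": "bob", "phone": "13900005678", "amount": 80},
]


class AccessDenied(Exception):
    """Raised when a project reads, or is granted, data it is not entitled to."""


class Project:
    """A production or development project inside one company's project space."""

    def __init__(self, company, kind):
        self.company, self.kind = company, kind
        self.tables = {}  # table name -> list of row dicts
        self.acl = {}     # table name -> set of (company, kind) allowed to read

    def grant_read(self, table, grantee):
        # Modeling assumption: grants are like-to-like, so production data only
        # reaches production projects and desensitized data only development ones.
        if grantee.kind != self.kind:
            raise AccessDenied(f"{self.kind} data cannot be granted to a {grantee.kind} project")
        self.acl.setdefault(table, set()).add((grantee.company, grantee.kind))

    def read(self, table, reader):
        allowed = reader is self or (reader.company, reader.kind) in self.acl.get(table, set())
        if not allowed:
            raise AccessDenied(f"{reader.company}/{reader.kind} has no grant on {table}")
        return [dict(row) for row in self.tables[table]]  # copies, never the stored rows


def desensitize(rows, key=MASK_KEY):
    """Hide identifying features; keep the feature the developer needs (amount)."""
    masked = []
    for row in rows:
        pseudonym = hmac.new(key, row["user"].encode(), hashlib.sha256).hexdigest()[:12]
        masked.append({
            "user": pseudonym,
            "phone": row["phone"][:3] + "****" + row["phone"][-4:],
            "amount": row["amount"],
        })
    return masked


def total_amount(rows):
    """Stand-in for the processing result: logic C develops on desensitized data."""
    return sum(row["amount"] for row in rows)


def run_exchange():
    a_prod, a_dev = Project("A", "production"), Project("A", "development")
    c_prod, c_dev = Project("C", "production"), Project("C", "development")

    # 1. A desensitizes inside its production project; the output goes to A's development project.
    a_prod.tables["orders"] = A_ORDERS
    a_dev.tables["orders_masked"] = desensitize(a_prod.read("orders", a_prod))

    # 2. Development authorization: A's development project grants C's development project.
    a_dev.grant_read("orders_masked", c_dev)
    masked = a_dev.read("orders_masked", c_dev)
    dev_result = total_amount(masked)

    # 3. C's development project must not be able to reach A's production data.
    try:
        a_prod.read("orders", c_dev)
        dev_blocked = False
    except AccessDenied:
        dev_blocked = True

    # 4. Production authorization: the developed logic is run in C's production
    #    project against production data that A's production project has granted.
    a_prod.grant_read("orders", c_prod)
    prod_result = total_amount(a_prod.read("orders", c_prod))

    return {"masked": masked, "dev_result": dev_result,
            "dev_blocked": dev_blocked, "prod_result": prod_result}


if __name__ == "__main__":
    print(run_exchange())
```
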
In the case based on entrusting a third-party platform, different business parties are protected during the exchange and processing of confidential data. That is, when the exchange between the two business parties involves confidential data, the business party providing the data entrusts it to a secure third party that both sides trust, and the business party processing the data has its developers authorized and added to the third party to process the data there. The confidential data is thereby usable but not copyable within a securely controlled environment. The details are as follows.
FIG. 12 shows a schematic diagram of a device for implementing data processing, implemented jointly by a data providing device end, a data application device end, and a platform device end according to another aspect of the present application. The data providing device end includes a data desensitization device 511 and a desensitized data sending device 512; the data application device end includes a platform configuration device 521; the platform device end includes a desensitized data acquisition device 531, a configuration device 532, and a desensitized data processing device 533.
Specifically, the data desensitization device 511 in the data providing device end desensitizes the production data in the data providing device to obtain corresponding desensitized data; the desensitized data sending device 512 sends the desensitized data to the corresponding platform device for processing by the corresponding data application device; the desensitized data acquisition device 531 in the platform device end acquires the desensitized data from the data providing device, where the desensitized data is obtained by desensitizing the production data in the data providing device; the platform configuration device 521 in the data application device end configures the platform device to process the desensitized data, where the desensitized data is obtained by desensitizing the production data in the data providing device; the configuration device 532 in the platform device end configures the platform device according to the corresponding data application device; and the desensitized data processing device 533 processes the desensitized data through the configured platform device.
That the data desensitization device 511 in the data providing device end desensitizes the production data in the data providing device to obtain corresponding desensitized data means that the business party providing the data conceals the key sensitive features of the real data at the data providing device end. The result is data that retains the features the data user needs while concealing or eliminating the sensitive features that would cause security problems. Here, production data means real data containing key sensitive features. The desensitization methods include, but are not limited to, desensitizing directly on the data development platform or manual screening. For example, Company A and Company D jointly develop against a certain type of data. Company A's data contains sensitive, confidential content that Company D should not see, yet Company D needs to use Company A's data during development. The two parties therefore entrust a third-party platform that both trust with the circulation and processing of the data. Before the data is placed on the third-party platform, and in order to protect Company A's data, the real data, that is, the production data, is first desensitized in the secure environment managed by Company A, which improves the security of the data during circulation.
Next, that the desensitized data sending device 512 sends the desensitized data to the corresponding platform device for processing by the corresponding data application device means that the data providing device end sends the desensitized data to the device end of a third-party data processing platform that is jointly trusted by the business parties represented by the data processing device end and the data providing device end, so that the data application device end can process the data within the third-party platform. The corresponding platform device is a third-party data processing platform jointly trusted by both business parties that need to circulate data, for example a jointly created data processing space or platform project in which the relevant data processing permissions can be controlled, without being limited to this. Continuing the example above, in the data development platform, Company A and Company D jointly entrust a third party to act as the controlling and arbitrating party in the exchange. The third party supervises a project space and configures its security settings, and Company A sends the desensitized data to the project space controlled by that third party so that Company D can process it there. The desensitized data may be sent directly through the back end of the data development platform, or transmitted using a protocol for the secure transfer of encrypted files, without being limited to these.
Next, the desensitized data acquisition device 531 in the platform device end acquires the desensitized data from the data providing device, where the desensitized data is obtained by desensitizing the production data in the data providing device. Here, the platform device end is a secure environment controlled by a third party that both the data providing device and the data application device end trust. It receives the desensitized data of the data providing device end, or acquires it under certain permissions, so that the data application device end can process it. Continuing the example above, the project space created by the third party in the data platform reads or receives Company A's desensitized data by way of packaged project-space authorization, for instance Company A's project space directly granting the third-party project space the right to read the desensitized data.
Next, the platform configuration device 521 in the data application device end configures the platform device to process the desensitized data, where the desensitized data is obtained by desensitizing the production data in the data providing device. That is, the data application device end performs, at the platform device end, steps such as directly authorizing a development account or packaged project-space authorization, so that the data application device end can process the desensitized data within the secure environment controlled by the platform device end. Continuing the example above, Company D authorizes the project space controlled by the third party in the data development platform, so that Company D's developers can process the data in the third-party project space. The platform device may be configured by directly authorizing the project space controlled by the platform, or by authorizing the development-related accounts in the platform so that the data application device end can process data through those accounts, without being limited to these.
Next, that the configuration device 532 in the platform device end configures the platform device according to the corresponding data application device means that the platform device end is set up according to the data application device end, so that the data application device end can process the desensitized data within the secure environment controlled by the platform device. The ways of configuring the platform device according to the corresponding data application device include, but are not limited to, authorizing the development account of the data application device end to process data in the project space controlled by the platform device, or the data application device end directly performing authorization processing on the platform device end. Configuring the platform device allows the data application device end to process the desensitized data within a securely controlled environment when confidential data is exchanged, which improves the protection of the confidential data.
Those skilled in the art should understand that the above manner of configuring the platform device is only an example. Other existing or future manners of configuring the platform device, if applicable to the present application, should also fall within the scope of protection of the present application and are incorporated herein by reference.
Next, the desensitized data processing device 533 processing the desensitized data through the configured platform device means that, in the third-party secure environment controlled by the platform device, the data application device side processes the desensitized data according to the permissions configured on the platform device side. Continuing the example above, after Companies A and D authorize the third-party project space in the data development platform, Company D's developers are added to the third-party project space to process the data. The data application device side can thus use the confidential data of the data providing device side but cannot copy the confidential data within the securely controlled third-party environment, which improves the security of the confidential data during use and processing.
Preferably, FIG. 13 shows a schematic diagram of the platform device side in a device for implementing data processing that is realized through cooperation of the data providing device side, the data application device side and the platform device side, according to another preferred example of the present application. The platform device side includes a platform project creation device 634, a desensitized data acquisition device 631, a configuration device 632 and a desensitized data processing device 633.
Specifically, the platform project creation device 634 on the platform device side creates a project in the platform device; the desensitized data acquisition device 631 acquires, through the project, desensitized data from the data providing device, wherein the desensitized data is obtained by desensitizing the production data in the data providing device; the configuration device 632 configures the project according to the corresponding data application device; and the desensitized data processing device 633 processes the desensitized data through the configured project.
The platform project creation device 634 on the platform device side creating a project in the platform device means creating, in a platform device trusted by both the data providing device side and the data application device side, a secure space for data flow and processing, so that confidential data is protected within the secure project space. Continuing the example above, Company A and Company D jointly entrust the data development platform operator, or a third party trusted by both, to create a secure project space in the data development platform, so that Companies A and D can process and share data in that project space.
Those skilled in the art should understand that the above manner of creating a project in the platform device is only an example. Other existing or future manners of creating a project in the platform device, if applicable to the present application, should also fall within the scope of protection of the present application and are incorporated herein by reference.
Next, the desensitized data acquisition device 631 acquires, through the project, desensitized data from the data providing device, wherein the desensitized data is obtained by desensitizing the production data in the data providing device. Here, the project space created on the platform device side obtains the desensitized data of the data providing device side by being directly authorized by the project space of the data providing device side. Continuing the example above, Company A authorizes the third-party project space in the data development platform, so that the desensitized data can only be accessed in the third-party project space. This limits the range within which the confidential data circulates and is processed, and thereby improves the security of the data.
Next, the configuration device 632 configuring the project according to the corresponding data application device means that the platform device side sets up the project space according to the authorization of the data application device side. Continuing the example above, the third-party project space obtains the authorization of Company D's project space, and Company D's developers are added in the third-party project space, so that Company D's developers can process Company A's desensitized data in the third-party project space.
Next, the desensitized data processing device 633 processing the desensitized data through the configured project means that, after configuration, the developers or accounts of the data application device side process, in the secure project space controlled by the platform device side, the desensitized data provided by the data providing device side. Continuing the example above, after Company D obtains authorization in the data development platform or its developers are added to the third-party project space, the desensitized data of the confidential data provided by Company A is processed in the third-party project space. The flow of the confidential data is thereby confined to the project space, which further improves the security of the confidential data.
Preferably, FIG. 14 shows a schematic diagram of a device for implementing data processing that is realized through cooperation of the data providing device side, the data application device side and the platform device side, according to another preferred example of the present application. The data providing device side includes a data desensitization device 711, a platform authorization device 713 and a desensitized data sending device 712; the data application device side includes a configuration device 721; the platform device side includes a platform project creation device 734, an authorization acquisition device 735, a desensitized data acquisition device 731, a configuration device 732, a desensitized data processing device 733, a data processing result providing device 736 and a data processing result publishing device 737.
Specifically, the platform project creation device 734 creates a project in the platform device; the data desensitization device 711 desensitizes the production data in the data providing device to obtain corresponding desensitized data; the platform authorization device 713 performs authorization processing on the project in the platform device; the authorization acquisition device 735 acquires the authorization information of the data providing device and the data application device for the project; the desensitized data sending device 712 sends the desensitized data to the corresponding platform device for processing by the corresponding data application device; the desensitized data acquisition device 731 acquires, through the project and according to the authorization information, the desensitized data from the data providing device, wherein the desensitized data is obtained by desensitizing the production data in the data providing device; the platform configuration device 721 configures the platform device to process the desensitized data, wherein the desensitized data is obtained by desensitizing the production data in the data providing device; the configuration device 732 configures the project according to the corresponding data application device; the desensitized data processing device 733 processes the desensitized data through the configured project; the data processing result providing device 736 provides the processing result of the desensitized data in the application development project to the application production project; and the data processing result publishing device 737 publishes, through the production project, the processing result of the desensitized data in the development project.
Here, the data desensitization device 711, the desensitized data sending device 712 and the platform configuration device 721 are the same as or similar to the data desensitization device 511, the desensitized data sending device 512 and the platform configuration device 521 in FIG. 12, and are not described again. The platform project creation device 734 is the same as or similar to the platform project creation device 634 in FIG. 13, and is not described again.
The platform authorization device 713 on the data providing device side performing authorization processing on the project in the platform device means that the data providing device side authorizes the project space controlled by the trusted platform device. The authorization may be performed by the project on the data providing device side directly granting package authorization to the platform device project, so that the confidential data provided by the data providing device side can be obtained by the project of the platform device. Continuing the example above, Company A's project space in the data development platform grants package authorization to the third-party project space, so that an account of the third-party project space can read the desensitized data, or the third-party project space has permission to receive the desensitized data.
Next, the authorization acquisition device 735 on the platform device side acquiring the authorization information of the data providing device and the data application device for the project means that the platform device side receives the authorizations from the projects of the data providing device side and the data application device side, so that the confidential data both flows and is processed within a mutually trusted secure environment. Continuing the example above, the project spaces of Company A and Company D in the data development platform grant package authorization to the third-party project space, so that Company A's desensitized data can flow within the third-party project space and Company D's developers can carry out development on Company A's desensitized data in the third-party space. Authorizing the project on the platform device side lets the data flow and be processed in a secure and controllable environment, which improves the security of the data.
Further, the desensitized data acquisition device 731 on the platform device side acquires, through the project and according to the authorization information, the desensitized data from the data providing device, wherein the desensitized data is obtained by desensitizing the production data in the data providing device. That is, the project on the platform device side acquires the desensitized data according to the authorization of the data providing device side. The manner of acquisition includes, but is not limited to, reading the desensitized data within the permissions granted to the project. Continuing the example above, in the data development platform Company A grants the third-party project permissions such as reading and copying the desensitized data of the confidential data, so that the third-party project acquires Company A's desensitized data.
Preferably, the projects in the data providing device, the data application device and the platform device include a production project and a development project. The production project is the project space in which real data is processed, and it is controlled by each business party. The development project is the project space in which developers process desensitized data, and it is used by the development accounts assigned by the business party.
Accordingly, the authorization acquisition device 735 on the platform device side is further configured to acquire the authorization information of the data providing device and the data application device for the production project. That is, the production projects of the data development device side and the data application device side grant package authorization to the production project on the mutually trusted platform device side, so that the real data to be processed, within the range both parties allow, can be shared in a secure production project environment. Continuing the example above, Company A and Company D authorize, in the data development platform, the production project within the third-party project; after obtaining the authorization, the third-party project obtains the real data that the two business parties need for jointly developing software.
Next, the desensitized data acquisition device 731 on the platform device side is further configured to acquire, through the development project and according to the authorization information, the desensitized data from the data providing device, wherein the desensitized data is obtained by desensitizing the production data in the data providing device. Here, the desensitized data in the platform device is provided by the data providing device side into a development project that only the developers of the data application device side can use. Continuing the example above, according to Company A's authorization of the third party's data, the third party's development project obtains Company A's desensitized data, so that developers added to the third-party development project can process and use Company A's desensitized data through the development project. This ensures that the desensitized data can be used by Company D's developers in the third-party secure environment, but, because that environment is controlled by the third party, the desensitized data cannot be copied or kept for other use, which safeguards the confidential data.
Next, the configuration device 732 on the platform device side is further configured to configure the development project according to the corresponding data application device. That is, the platform device side applies a configuration, such as adding a development account of the data application device to the development project, so that the data application device side can process, in the platform device, the desensitized data provided by the data providing device. Continuing the example above, the development project space of the third party jointly trusted by Companies A and D in the data development platform adds Company D's developer accounts to the third party's project space at Company D's request, and Company A's desensitized data is then processed there.
Next, the desensitized data processing device 733 on the platform device side is further configured to process the desensitized data through the configured development project. That is, after the development accounts or personnel of the data application device side have been configured into the development project, the desensitized data provided by the data providing device is processed in the development project on the platform device side. Continuing the example above, Company D's developers or accounts are added to the third party's development project space in the data development platform and carry out development on Company A's desensitized data there. Because the environment is controlled by the third party, the desensitized data cannot be copied or kept for other use, which safeguards the confidential data.
Next, the data processing result providing device 736 on the platform device side provides the processing result of the desensitized data in the application development project to the application production project. The processing result of the desensitized data includes, but is not limited to, software code developed on the basis of the desensitized data, plotted data trend charts, and the like. The manner of returning the processing result includes, but is not limited to, the back-end system of the data development platform, or sending and receiving over a secure channel, such as SFTP, established between computer devices. Continuing the example above, after Company D's developers have finished developing the application's software code on the basis of the desensitized data, using a development account in the third-party development project, the code is sent back to the production project through the data development platform, so that Company A can inspect or evaluate the data processing result in the third-party production project space, which further safeguards the security of the data and of the data processing result.
Next, the data processing result publishing device 737 on the platform device side publishes, through the production project, the processing result of the desensitized data in the development project. Publishing the processing result means verifying the data processing result or running it in production on real production data. Continuing the example above, Company A publishes, in the production project on the data development platform, the returned program code developed on the basis of the desensitized data, and its production account uses real data in the third-party project space to carry out software testing on what was published. Publishing the data processing result in the third party's production space allows the result to be post-processed or verified within the data provider's secure environment, which improves the security of the data processing result.
Preferably, the data application device side further includes a platform authorization device 722 (not shown) for performing authorization processing on the project in the platform device. That is, while using and processing the data of the data providing device side, the data application device side may, where that data needs to be processed together with its own data, authorize the platform so that the platform obtains the confidential data of the data application device side or the desensitized data thereof. Continuing the example above, when Company D develops software in the third-party development environment on the data development platform, it needs to combine Company D's confidential data with Company A's desensitized data for development or research. The project space controlled by Company D therefore authorizes the third-party platform project and provides the desensitized data of Company D's confidential data, so that when the two business parties jointly use confidential data for processing, the data of both parties is properly protected.
Further, the platform device side also includes an application-side desensitized data acquisition device 738 (not shown), configured to acquire, through the development project and according to the authorization information, application-side desensitized data from the data application device, wherein the application-side desensitized data is obtained by desensitizing the application-side production data in the data application device. Still further, the desensitized data processing device 733 is also configured to process the desensitized data and the application-side desensitized data through the configured development project. That is, the platform device side obtains the desensitized data of the data application device according to that device's authorization, in a manner including, but not limited to, the development project account of the platform device obtaining access to the development project of the data application device side, or the data application device side sending the desensitized data to the platform device side. Continuing the example above, Company D's development project authorizes the third party's development project, so that the desensitized data of Company D's confidential data can be processed by developers in the third-party development project, either on its own or together with Company A's desensitized data. The confidential data of both parties is thus shared within the third party, while the third party's security-controlled environment means that any output of data requires the joint permission of both parties, which protects the security of the data.
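The FIG. 14 flow and the joint-permission rule for data output described above, modelled as an added Python example (not code from the application). The class and method names, the masking rules in `desensitize`, and the sample rows are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when an action falls outside what the parties authorized."""


def desensitize(row, key):
    # Assumed rules (not fixed by the text above): keyed pseudonym for the
    # identifier, partial masking of the phone number, amount kept as-is.
    pseudo = hmac.new(key, row["user_id"].encode(), hashlib.sha256).hexdigest()[:12]
    phone = row["phone"]
    masked = phone[:3] + "*" * (len(phone) - 5) + phone[-2:]
    return {"user_id": pseudo, "phone": masked, "amount": row["amount"]}


@dataclass
class Project:
    kind: str                                     # "production" or "development"
    grants: set = field(default_factory=set)      # companies that authorized it
    members: dict = field(default_factory=dict)   # account -> company
    tables: dict = field(default_factory=dict)    # table -> (owner, rows)
    results: dict = field(default_factory=dict)   # name -> processing result


class Platform:
    """Project space run by the third party that both companies trust."""

    def __init__(self, provider, application):
        self.parties = {provider, application}
        self.dev = Project("development")
        self.prod = Project("production")

    def authorize(self, company, project):
        if company not in self.parties:
            raise AccessDenied(f"{company} is not a party to this project space")
        project.grants.add(company)

    def receive(self, project, owner, table, rows):
        # Data enters a project only under its owner's authorization.
        if owner not in project.grants:
            raise AccessDenied(f"{owner} has not authorized the {project.kind} project")
        project.tables[table] = (owner, [dict(r) for r in rows])

    def add_developer(self, account, company):
        if company not in self.dev.grants:
            raise AccessDenied(f"{company} has not authorized the development project")
        self.dev.members[account] = company

    def read(self, account, table):
        if account not in self.dev.members:
            raise AccessDenied(f"{account} is not in the development project")
        return [dict(r) for r in self.dev.tables[table][1]]

    def export(self, account, table, approvals=frozenset()):
        # Output leaves the space only with the joint permission of both parties.
        if account not in self.dev.members or not (self.parties <= set(approvals)):
            raise AccessDenied("export needs approval from both parties")
        return self.read(account, table)

    def submit_result(self, account, name, func):
        if account not in self.dev.members:
            raise AccessDenied(f"{account} is not in the development project")
        self.prod.results[name] = func            # handed to the production project

    def publish(self, company, name, table):
        # Only the data owner's production side runs the result on real data.
        owner, rows = self.prod.tables[table]
        if company != owner:
            raise AccessDenied(f"{company} does not control the production data")
        return self.prod.results[name](rows)


def demo():
    key = b"constructed-demo-key"
    production_rows = [                           # constructed sample data
        {"user_id": "u1001", "phone": "13800001234", "amount": 120},
        {"user_id": "u1002", "phone": "13900005678", "amount": 80},
    ]
    p = Platform(provider="A", application="D")
    p.authorize("A", p.prod)
    p.authorize("A", p.dev)
    p.authorize("D", p.dev)
    p.receive(p.prod, "A", "orders", production_rows)
    p.receive(p.dev, "A", "orders", [desensitize(r, key) for r in production_rows])
    p.add_developer("dev@D", "D")
    seen = p.read("dev@D", "orders")              # Company D sees masked rows only
    p.submit_result("dev@D", "total", lambda rows: sum(r["amount"] for r in rows))
    try:
        p.export("dev@D", "orders", approvals={"D"})
        export_blocked = False
    except AccessDenied:
        export_blocked = True
    return seen, export_blocked, p.publish("A", "total", "orders")


if __name__ == "__main__":
    print(demo())
```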
It is obvious to those skilled in the art that the present application is not limited to the details of the above exemplary embodiments, and that the present application can be implemented in other specific forms without departing from its spirit or essential characteristics. The embodiments are therefore to be regarded in every respect as exemplary and non-restrictive. The scope of the present application is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and range of equivalents of the claims are therefore intended to be embraced in the present application. No reference sign in the claims should be construed as limiting the claim concerned. In addition, it is clear that the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. A plurality of units or devices recited in the device claims may also be implemented by a single unit or device through software or hardware. Words such as "first" and "second" are used to denote names and do not denote any particular order.

Claims (38)

  1. A method for data processing, wherein the method comprises:
    desensitizing production data in a production project to obtain corresponding desensitized data;
    sending the desensitized data to a corresponding development project;
    processing the desensitized data through the development project.
  2. The method according to claim 1, wherein the method further comprises:
    returning the processing result of the desensitized data in the development project to the production project;
    publishing the processing result through the production project.
  3. The method according to claim 2, wherein the method further comprises:
    setting permission information of the development project regarding the desensitized data;
    wherein the sending the desensitized data to a corresponding development project comprises:
    sending the desensitized data to the development project according to the permission information.
  4. A method for data processing on a data providing device side, wherein the method comprises:
    desensitizing production data in a production project to obtain corresponding desensitized data;
    performing, through a development project, development authorization processing on an application development project in a corresponding data application device;
    sending the desensitized data to the application development project via the development project according to result information of the development authorization processing.
  5. The method according to claim 4, wherein the method further comprises:
    performing, through the production project, production authorization processing on an application production project in the data application device;
    sending the production data to the application production project via the production project according to result information of the production authorization processing.
  6. A method for data processing on a data application device side, wherein the method comprises:
    acquiring, through an application development project, desensitized data from a development project in a data providing device, wherein the desensitized data is obtained by desensitizing production data of a production project in the data providing device;
    processing the desensitized data through the application development project.
  7. The method according to claim 6, wherein the method further comprises:
    providing the processing result of the desensitized data in the application development project to the application production project;
    publishing the processing result through the application production project.
  8. The method according to claim 7, wherein the method further comprises:
    acquiring, through the application production project, production data of the production project in the data providing device;
    wherein the publishing the processing result through the application production project comprises:
    executing the processing result in the application production project according to the production data.
  9. The method according to any one of claims 6 to 8, wherein the method further comprises:
    desensitizing application production data in the application production project to obtain corresponding application desensitized data;
    wherein the processing the desensitized data through the application development project comprises:
    processing the desensitized data and the application desensitized data through the application development project.
  10. A method for data processing on a data providing device side, wherein the method comprises:
    desensitizing production data in a data providing device to obtain corresponding desensitized data;
    sending the desensitized data to a corresponding platform device for processing by a corresponding data application device.
  11. The method according to claim 10, wherein the method further comprises:
    performing authorization processing on a project in the platform device.
  12. A method for data processing on a data application device side, wherein the method comprises:
    configuring a platform device to process desensitized data, wherein the desensitized data is obtained by desensitizing production data in a data providing device.
  13. The method according to claim 12, wherein the method further comprises:
    performing authorization processing on a project in the platform device.
  14. A method for data processing at a platform device, wherein the method comprises:
    acquiring desensitization data from a data providing device, wherein the desensitization data is obtained by desensitizing production data in the data providing device;
    configuring the platform device according to a corresponding data application device;
    processing the desensitization data through the configured platform device.
  15. The method of claim 14, wherein the method further comprises:
    creating a project in the platform device;
    wherein acquiring the desensitization data from the data providing device comprises:
    acquiring, through the project, the desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing production data in the data providing device;
    wherein configuring the platform device according to the corresponding data application device comprises:
    configuring the project according to the corresponding data application device;
    wherein processing the desensitization data through the configured platform device comprises:
    processing the desensitization data through the configured project.
  16. The method of claim 15, wherein:
    authorization information of the data providing device and the data application device for the project is acquired;
    wherein acquiring, through the project, the desensitization data from the data providing device comprises:
    acquiring, according to the authorization information and through the project, the desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing production data in the data providing device.
  17. The method of claim 16, wherein the project comprises a production project and a development project;
    wherein acquiring the authorization information of the data providing device and the data application device for the project comprises:
    acquiring authorization information of the data providing device and the data application device for the production project;
    wherein acquiring, according to the authorization information and through the project, the desensitization data from the data providing device comprises:
    acquiring, according to the authorization information and through the development project, the desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing production data in the data providing device;
    wherein configuring the project according to the corresponding data application device comprises:
    configuring the development project according to the corresponding data application device;
    wherein processing the desensitization data through the configured project comprises:
    processing the desensitization data through the configured development project.
  18. The method of claim 17, wherein the method further comprises:
    providing the processing result of the desensitization data in the application development project to the application production project;
    publishing, through the production project, the processing result of the desensitization data in the development project.
  19. The method of claim 17 or 18, wherein the method further comprises:
    acquiring, according to the authorization information and through the development project, application-side desensitization data from the data application device, wherein the application-side desensitization data is obtained by desensitizing application-side production data in the data application device;
    wherein processing the desensitization data through the configured development project comprises:
    processing the desensitization data and the application-side desensitization data through the configured development project.
  20. A device for data processing, wherein the device comprises:
    a data desensitization apparatus, configured to desensitize production data in a production project to obtain corresponding desensitization data;
    a desensitization data sending apparatus, configured to send the desensitization data to a corresponding development project;
    a desensitization data processing apparatus, configured to process the desensitization data through the development project.
  21. The device of claim 20, wherein the device further comprises:
    a data processing result providing apparatus, configured to return the processing result of the desensitization data in the development project to the production project;
    a data processing result publishing apparatus, configured to publish the processing result through the production project.
  22. The device of claim 21, wherein the device further comprises:
    a desensitization data permission setting apparatus, configured to set permission information of the development project regarding the desensitization data;
    wherein the desensitization data sending apparatus is configured to:
    send the desensitization data to the development project according to the permission information.
  23. A data providing device for data processing, wherein the device comprises:
    a data desensitization apparatus, configured to desensitize production data in a production project to obtain corresponding desensitization data;
    a development authorization apparatus, configured to perform, through a development project, development authorization processing on an application development project in a corresponding data application device;
    a desensitization data sending apparatus, configured to send, according to result information of the development authorization processing, the desensitization data to the application development project via the development project.
  24. The device of claim 23, wherein the device further comprises:
    a production authorization apparatus, configured to perform, through the production project, production authorization processing on an application production project in the data application device;
    a production data sending apparatus, configured to send, according to result information of the production authorization processing, the production data to the application production project via the production project.
  25. A data application device for data processing, wherein the device comprises:
    a desensitization data acquisition apparatus, configured to acquire, through an application development project, desensitization data from a development project in a data providing device, wherein the desensitization data is obtained by desensitizing production data of a production project in the data providing device;
    a desensitization data processing apparatus, configured to process the desensitization data through the application development project.
  26. The device of claim 25, wherein the device further comprises:
    a data processing result providing apparatus, configured to provide the processing result of the desensitization data in the application development project to the application production project;
    a data processing result publishing apparatus, configured to publish the processing result through the application production project.
  27. The device of claim 26, wherein the device further comprises:
    a production data acquisition apparatus, configured to acquire, through the application production project, production data of the production project in the data providing device;
    wherein the data processing result publishing apparatus is configured to:
    execute the processing result in the application production project according to the production data.
  28. The device of any one of claims 25 to 27, wherein the device further comprises:
    a data desensitization apparatus, configured to desensitize application production data in the application production project to obtain corresponding application desensitization data;
    wherein the desensitization data processing apparatus is configured to:
    process the desensitization data and the application desensitization data through the application development project.
  29. A data providing device for data processing, wherein the device comprises:
    a data desensitization apparatus, configured to desensitize production data in the data providing device to obtain corresponding desensitization data;
    a desensitization data sending apparatus, configured to send the desensitization data to a corresponding platform device for processing by a corresponding data application device.
  30. The device of claim 29, wherein the device further comprises:
    a platform authorization apparatus, configured to perform authorization processing on a project in the platform device.
  31. A data application device for data processing, wherein the device comprises:
    a platform configuration apparatus, configured to configure a platform device to process desensitization data, wherein the desensitization data is obtained by desensitizing production data in a data providing device.
  32. The device of claim 31, wherein the device further comprises:
    a platform authorization apparatus, configured to perform authorization processing on a project in the platform device.
  33. A platform device for data processing, wherein the device comprises:
    a desensitization data acquisition apparatus, configured to acquire desensitization data from a data providing device, wherein the desensitization data is obtained by desensitizing production data in the data providing device;
    a configuration apparatus, configured to configure the platform device according to a corresponding data application device;
    a desensitization data processing apparatus, configured to process the desensitization data through the configured platform device.
  34. The device of claim 33, wherein the device further comprises:
    a platform project creation apparatus, configured to create a project in the platform device;
    wherein the desensitization data acquisition apparatus is configured to:
    acquire, through the project, the desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing production data in the data providing device;
    wherein the configuration apparatus is configured to:
    configure the project according to the corresponding data application device;
    wherein the desensitization data processing apparatus is configured to:
    process the desensitization data through the configured project.
  35. The device of claim 34, wherein the device further comprises:
    an authorization acquisition apparatus, configured to acquire authorization information of the data providing device and the data application device for the project;
    wherein the desensitization data acquisition apparatus is further configured to:
    acquire, according to the authorization information and through the project, the desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing production data in the data providing device.
  36. The device of claim 35, wherein the project comprises a production project and a development project;
    wherein the authorization acquisition apparatus is configured to:
    acquire authorization information of the data providing device and the data application device for the production project;
    wherein the desensitization data acquisition apparatus is configured to:
    acquire, according to the authorization information and through the development project, the desensitization data from the data providing device, wherein the desensitization data is obtained by desensitizing production data in the data providing device;
    wherein the configuration apparatus is configured to:
    configure the development project according to the corresponding data application device;
    wherein the desensitization data processing apparatus is configured to:
    process the desensitization data through the configured development project.
  37. The device of claim 36, wherein the device further comprises:
    a data processing result providing apparatus, configured to provide the processing result of the desensitization data in the application development project to the application production project;
    a data processing result publishing apparatus, configured to publish, through the production project, the processing result of the desensitization data in the development project.
  38. The device of claim 36 or 37, wherein the device further comprises:
    an application-side desensitization data acquisition apparatus, configured to acquire, according to the authorization information and through the development project, application-side desensitization data from the data application device, wherein the application-side desensitization data is obtained by desensitizing application-side production data in the data application device;
    wherein the desensitization data processing apparatus is configured to:
    process the desensitization data and the application-side desensitization data through the configured development project.
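
The platform-side flow of claims 14 to 18 (two-party authorization on a project, desensitized data entering the development project, the result released through the production project), as an added Python example that is not part of the patent. The claims name no desensitization algorithm, so the HMAC pseudonymization, the last-four masking, the field names, the `Platform` class and the sample rows are all assumptions.

```python
import hashlib
import hmac

# Hypothetical field policy; the claims name neither fields nor an algorithm.
RULES = {"user_id": "pseudonymize", "phone": "mask"}
PARTIES = {"provider", "application"}


def desensitize(record, key):
    """Data providing device: transform sensitive fields before export."""
    out = {}
    for field, value in record.items():
        text = str(value)
        if RULES.get(field) == "pseudonymize":
            # Keyed hash: stable per user, so grouping still works downstream.
            out[field] = hmac.new(key, text.encode(), hashlib.sha256).hexdigest()[:16]
        elif RULES.get(field) == "mask":
            out[field] = "*" * max(len(text) - 4, 0) + text[-4:]
        else:
            out[field] = value
    return out


class Platform:
    """Platform device whose projects are gated by two-party authorization."""

    def __init__(self, *names):
        # Projects are created on the platform up front (claim 15).
        self.projects = {n: {"grants": set(), "rows": [], "results": []} for n in names}

    def authorize(self, party, name):
        self.projects[name]["grants"].add(party)

    def _require_grants(self, name):
        missing = PARTIES - self.projects[name]["grants"]
        if missing:
            raise PermissionError(f"{name}: no authorization from {sorted(missing)}")

    def acquire(self, name, desensitized_rows):
        """Accept desensitized rows only when both parties authorized the project."""
        self._require_grants(name)
        self.projects[name]["rows"].extend(desensitized_rows)

    def process(self, name, job):
        return job(self.projects[name]["rows"])

    def publish(self, result, via="production"):
        """Release a development result through the production project."""
        self._require_grants(via)
        self.projects[via]["results"].append(result)
        return result


def demo():
    key = b"constructed-demo-key"  # constructed; stays with the provider
    rows = [  # constructed sample production data
        {"user_id": "u1001", "phone": "00000001111", "amount": 30},
        {"user_id": "u1001", "phone": "00000001111", "amount": 12},
        {"user_id": "u2002", "phone": "00000002222", "amount": 7},
    ]
    exported = [desensitize(r, key) for r in rows]
    platform = Platform("production", "development")
    platform.authorize("provider", "development")  # only one party so far
    try:
        platform.acquire("development", exported)
        denied = False
    except PermissionError:
        denied = True
    for name in ("production", "development"):
        for party in PARTIES:
            platform.authorize(party, name)
    platform.acquire("development", exported)
    users = platform.process("development", lambda rs: len({r["user_id"] for r in rs}))
    return denied, exported, platform.publish(users)
```

The development job counts distinct users without ever seeing a raw identifier, because the keyed pseudonym is stable per user while the key stays with the provider.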
PCT/CN2016/092673 2015-08-10 2016-08-01 Method and device for data processing WO2017024957A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510486640.2 2015-08-10
CN201510486640 2015-08-10

Publications (1)

Publication Number Publication Date
WO2017024957A1 (en) 2017-02-16

Family

ID=57982970

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/092673 WO2017024957A1 (en) 2015-08-10 2016-08-01 Method and device for data processing

Country Status (2)

Country Link
CN (1) CN106446704A (en)
WO (1) WO2017024957A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110489990A (en) * 2018-05-15 2019-11-22 中国移动通信集团浙江有限公司 A kind of sensitive data processing method, device, electronic equipment and storage medium
WO2022048464A1 (en) * 2020-09-01 2022-03-10 华为技术有限公司 Data masking method, data masking apparatus and storage device

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110059081A (en) * 2019-03-13 2019-07-26 深圳壹账通智能科技有限公司 Data output method, device and the computer equipment shown based on data
CN112073465A (en) * 2020-08-07 2020-12-11 上海上讯信息技术股份有限公司 Dynamic desensitization method and device based on SFTP transmission
CN112163214A (en) * 2020-09-22 2021-01-01 杭州数梦工场科技有限公司 Data access method and device
CN112417505A (en) * 2020-11-23 2021-02-26 平安普惠企业管理有限公司 Data processing method, device, equipment and medium
CN112270415B (en) * 2020-11-25 2024-03-22 矩阵元技术(深圳)有限公司 Training data preparation method, device and equipment for encryption machine learning
CN113127929B (en) * 2021-04-30 2024-03-01 天翼安全科技有限公司 Data desensitizing method, desensitizing rule processing method, device, equipment and storage medium
CN114979281B (en) * 2022-07-11 2022-11-08 成都信息工程大学 Data interaction method applied to industrial internet cloud service platform

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080270370A1 (en) * 2007-04-30 2008-10-30 Castellanos Maria G Desensitizing database information
US20080288548A1 (en) * 2007-05-14 2008-11-20 Oracle International Corporation Desensitizing data in cloning
US20090132575A1 (en) * 2007-11-19 2009-05-21 William Kroeschel Masking related sensitive data in groups
CN103778380A (en) * 2013-12-31 2014-05-07 网秦(北京)科技有限公司 Data desensitization method and device and data anti-desensitization method and device
CN104270465A (en) * 2014-10-23 2015-01-07 成都双奥阳科技有限公司 Cloud storage protection system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101630431B (en) * 2008-07-17 2011-04-13 航天信息股份有限公司 Method for processing multi-client centralized invoicing data
CN105074712B (en) * 2013-03-19 2018-05-08 株式会社东芝 Code processing apparatus and program
CN104618330B (en) * 2014-12-26 2018-12-25 小米科技有限责任公司 Method for processing business, device and terminal

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110489990A (en) * 2018-05-15 2019-11-22 中国移动通信集团浙江有限公司 A kind of sensitive data processing method, device, electronic equipment and storage medium
CN110489990B (en) * 2018-05-15 2021-08-31 中国移动通信集团浙江有限公司 Sensitive data processing method and device, electronic equipment and storage medium
WO2022048464A1 (en) * 2020-09-01 2022-03-10 华为技术有限公司 Data masking method, data masking apparatus and storage device

Also Published As

Publication number Publication date
CN106446704A (en) 2017-02-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16834581

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16834581

Country of ref document: EP

Kind code of ref document: A1